Verify server certificates against the full Mozilla trust store

[schiermi]

• Include the TLS CA certificate trust store from Mozilla's CA Certificate Program, processed by curls CA extract. Based on this change all server certificates from portals which work "out of the box" in common browsers are also valid for track uploads.
• Also verify the server from which ublox ALP data is retrieved.

A build containing those changes was tested for three weeks "on the bike". Testing included track uploads, OBS webinterface access & ALP data downloads.

This PR increases the compiled firmware size by ~60 kb.

_It should be beneficial to include the instructions found in src/truststore/README.md to update the binary trust store src/truststore/x509_crt_bundle into the Github actions pipeline for new builds, but I'm missing knowledge for this task._

[amandel]

I can add the steps to the Github actions build. I hope to fine the time to do this as well as building the pro & classic code in one go. If I don't find the time till near next release we merge it as is :)

[schiermi]

• Mozilla trust store was updated beginning of July 24. I've updated the prepared trust store in the repo.
• (untested) attempt to update trust store in GH actions during build

[amandel]

Great to have the certs update integrated in the build!

The CI build now fails giving:

Traceback (most recent call last):
The cryptography package is not installed.Please refer to the Get Started section of the ESP-IDF Programming Guide for setting up the required packages.
  File "/__w/OpenBikeSensorFirmware/OpenBikeSensorFirmware/src/truststore/gen_crt_bundle.py", line 36, in <module>
    from cryptography import x509
ModuleNotFoundError: No module named 'cryptography'
Error: Process completed with exit code 1.

[schiermi]

Slowly getting my feet wet with GH actions; looks better now:

https://github.com/schiermi/OpenBikeSensorFirmware/actions/runs/10874202448/job/30171220169