Implement bindings to only use supplied root certificates for validating the server

[cyang1]

Implements a way to distrust the system cert store on all backends.

• On macOS, this just uses trust_anchor_certificates_only.
• On Windows, this uses a custom verify_callback that manually checks that the root cert exists in the user-specified root certs.
• On OpenSSL, this manually creates a new X509Store with the user-specified root certs and sets it with set_verify_cert_store. This is the one I'm least sure about -- it is probably more correct to avoid calling set_default_verify_paths, but that currently happens on builder construction, and moving where that happens might be a breaking change (as set_default_verify_paths reads environment variables, which are set process-wide).

Closes #41.

[cyang1]

@sfackler would you have a chance to take another look at this?

[sfackler]

Thanks!

[vasishath]

On android, the system certificates are still loaded even if this flag is set to true since the function loading android system certificates is called later.