feat: update GoogleUtils#getCertificateTrustStore to first attempt t…#2613
…o load JSDK default certs
e20a107 to d1f59c2
| } | ||
| } | ||
|
|
||
| throw new IOException("Unable to load default JDK cacerts file"); |
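Review bot: the message on the `throw new IOException(...)` line does not say which locations were tried. Include the `java.home` value and the candidate paths in it, so that anyone who does see this failure can tell a missing file from an unreadable one.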
I see this exception is swallowed later without any logging, can we just return null to simplify the logic? A null check is also slightly more performant than a try catch.
good call, updated to return null.
I didn't add logging because technically, if the client fails to load default certs, the client continues to behave the way it does today, but if you think we should call out that we weren't able to load the certs, let me know and I'll add.
| /** Default JDK cacerts file path relative to java.home. */ | ||
| @VisibleForTesting | ||
| static String[] possibleJdkPaths = { | ||
| "lib/security/cacerts", // Java 9+ |
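Review bot: `possibleJdkPaths` is declared as a non-final, package-visible static array, so any code in the package (not only tests) can change at runtime which files are tried as the trust store. Consider making it `static final` and unmodifiable, and letting tests pass their own paths to the loader instead. The Javadoc also says "file path" in the singular although the field holds several candidates, and the `// Java 9+` comment ties `lib/security/cacerts` to a Java version.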
Did you get a chance to test against different JDK versions and/or JDK vendors?
I tested locally against 8, 17, 25 - they all used lib/security/cacerts (zulu, oracle)
The CI required me to add jre/lib/security/cacerts, so it seems more like a host env issue, as CI runs zulu but on linux. I removed the invalid comments attributing the different locations to different versions of java.
|
The PR title should probably be |
Co-authored-by: Blake Li <blakeli@google.com>
This PR is the first step in stopping maintenance for the custom keystore in google-api-java-client; see: go/stop-keystore-api-java-client
It updates GoogleUtils.getCertificateTrustStore() to first attempt to load the Java JDK default certs using logic similar to Java's internal TrustStoreManager class before falling back to the custom keystore bundled with google-api-java-client. This is to alleviate issues with the bundled keystore having expired/missing certs.
Deprecates GoogleUtils.getCertificateTrustStore()
Deprecates GoogleNetHttpTransport
Updates documentation to refer users to NetHttpTransport
Tested using GoogleNetHttpTransport.newTrustedTransport() to make call to storage API.
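The lookup order described above, as an added example (not the PR's code and not part of google-api-java-client): it tries the two `java.home`-relative paths named in the review thread, returns null when neither loads, and, going one step beyond the PR text, counts expired entries, since expired certs are the stated motivation. The class and method names are hypothetical.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

public class DefaultTrustStoreCheck {
  // Candidate locations relative to java.home: the two named in the review thread.
  static final String[] CANDIDATES = {"lib/security/cacerts", "jre/lib/security/cacerts"};

  /** Returns the JDK default trust store, or null if no candidate can be loaded. */
  static KeyStore loadJdkDefault(String javaHome) {
    for (String rel : CANDIDATES) {
      File f = new File(javaHome, rel);
      if (!f.isFile()) continue;
      try (InputStream in = new FileInputStream(f)) {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(in, null); // null password: entries are read, integrity check is skipped
        if (ks.size() > 0) return ks;
      } catch (Exception e) {
        // Report the skipped candidate instead of swallowing the failure silently.
        System.err.println("skipping " + f + ": " + e);
      }
    }
    return null;
  }

  /** Counts certificate entries whose validity period has ended as of 'now'. */
  static int countExpired(KeyStore ks, Date now) throws Exception {
    int expired = 0;
    for (String alias : Collections.list(ks.aliases())) {
      Certificate c = ks.getCertificate(alias);
      if (c instanceof X509Certificate && ((X509Certificate) c).getNotAfter().before(now)) {
        expired++;
      }
    }
    return expired;
  }

  public static void main(String[] args) throws Exception {
    KeyStore ks = loadJdkDefault(System.getProperty("java.home"));
    if (ks == null) {
      System.out.println("no JDK default trust store found; a caller would fall back here");
      return;
    }
    System.out.println(ks.size() + " entries, " + countExpired(ks, new Date()) + " expired");
  }
}
```

Running it under each JDK a service is deployed on shows which candidate path that runtime actually provides and whether its trust anchors are current.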