fix: Improve CA certificate detection with fallback chain

[Iamrodos]

certifi is imported as a fallback when system CA certs are empty, but it's not listed in requirements.txt. This causes ModuleNotFoundError for users on systems without proper CA cert configuration (e.g. Codespaces).

https_ctx = ssl.create_default_context()
if not https_ctx.get_ca_certs():
    import warnings
    warnings.warn('\n\nYOUR DEFAULT CA CERTS ARE EMPTY.\n' +
                  'PLEASE POPULATE ANY OF:' +
                  ''.join([
                    '\n - ' + x
                    for x in ssl.get_default_verify_paths()
                    if type(x) is str
                  ]) + '\n', stacklevel=2)
    import certifi
    https_ctx = ssl.create_default_context(cafile=certifi.where())

The dependency was added in commit 548a2ec but never added to the requirements file.

Fixes #444

[josegonzalez]

I really dislike this. Because Of Reasons™, I want this package to not have any dependencies.

Can we make the certifi usage optional?

[Iamrodos]

I really dislike this. Because Of Reasons™, I want this package to not have any dependencies.

Can we make the certifi usage optional?

Agree. This forced me to dig deeper into the previous issue and resolution that introduced the certifi package. It was a bit naive in its approach so have tweaked.

[Iamrodos]

Ok, all updated. See the commit message for the "story".

Also, I don't like nest if/else blocks but this is the clearest way I could get the logic flow, even though it has pass. Alternative is using not, which I did, but that was harder to follow the logic chain.

Normally if this was in a function I would use early returns so there is no nesting. Trying to keep the changes minimal, this was the best I could come up with.