tails-security-check's CA pinning is not effective on sid

Originally created by @intrigeri on #11812 (Redmine)

I guess it’s the same on Stretch. The BEGIN block does not work as it used to. This instead seems to work:

    $ua->ssl_opts(verify_hostname => 1);
    $ua->ssl_opts(SSL_ca_file     => $cafile);

To be verified: do we also need to empty SSL_ca_path to avoid the system’s /etc/ssl/certs/ from being used?

Note that we might wish to change the way tails-security-check does HTTPS requests entirely (#11810 (comment 55225)) so let’s hold on a bit here.

Edited May 15, 2020 by intrigeri

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information