Add support for CURL_CA_BUNDLE to vsicurl

[sgillies]

I'd like to see GDAL's vsicurl handler support cert files in non-standard locations by using curl's CURL_CA_BUNDLE environment variable. The way this works in curl is that the value of CURL_CA_BUNDLE or SSL_CERT_FILE is used as the argument to, for example, curl_easy_setopt(hCurlHandle, CURLOPT_CAINFO, "/foo/bar"). The curl program behaves like this:

$ CURL_CA_BUNDLE=/foo/bar curl -I https://sgillies.net
curl: (77) error setting certificate verify locations:
  CAfile: /foo/bar
  CApath: none

$ CURL_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt curl -I https://sgillies.net
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Mon, 28 Nov 2016 16:13:23 GMT
Content-Type: text/html
Content-Length: 33052
Last-Modified: Mon, 28 Nov 2016 08:20:37 GMT
Connection: keep-alive
ETag: "583be8d5-811c"
Accept-Ranges: bytes

I regard this as a bug. If fixed, we can make binary Rasterio wheels with vsicurl and vsis3 support that are more portable. The current state of affairs is that a GDAL library has the build system's default SSL cert path baked in and it can't be changed, requiring some users to copy their certs to the expected location.

A couple new lines in cpl_vsil_curl.cpp is all it will take.

[Even Rouault]

In 36550:

CPLHTTPFetch(): add a CAINFO option to set the path to the CA bundle file. As a fallback also honour the CURL_CA_BUNDLE and SSL_CERT_FILE environment variables used by the curl binary, which makes this setting also available for /vsicurl/, /vsicurl_streaming/, /vsis3/ and /vsis3_streaming/ file systems (fixes #6732)

[Even Rouault]

In 36551:

CPLHTTPFetch(): add a CAINFO option to set the path to the CA bundle file. As a fallback also honour the CURL_CA_BUNDLE and SSL_CERT_FILE environment variables used by the curl binary, which makes this setting also available for /vsicurl/, /vsicurl_streaming/, /vsis3/ and /vsis3_streaming/ file systems (fixes #6732)