Update rasbperrypi and zephyr-cp to use a full Mozilla root certificate bundle

[dhalbert]

• Fixes (finishes) Update certificates submodule #10050
• Fixes Investigate using full Mozilla root certificate bundle for RP2 wifi #10488
• Fixes Investigate using full root certificate bundle for zephyr-cp #10489

Change the raspberrypi and zephyr-cp wifi builds to use the full Mozilla certificate bundle from https://github.com/adafruit/certificates. Now all our wifi builds use the full bundle.

This update required adafruit/certificates#10 to work. When i was testing this, the RP2 builds mysteriously did not work for an https://api.github.com HTTPS fetch. This was because the Comodo "AAA Certificate Sevices" root had recently been removed from the Mozilla bundle. For most hosts this is fine, because there was a cross-signed certificate in the api.github.com chain that used another root certificate. But mbedtls does not inherently support cross-signing, so the Comodo certificate had to be put back.

This was not an existing problem on the espressif builds, because the complete Mozilla bundle provided by ESP-IDF and used now on those builds still has that certificate. For background on Espressif's own diagnosis and fix of this same problem, see:

• https://newreleases.io/project/github/espressif/esp-idf/release/v5.4.1

  ESP Cert Bundle

  • Added entry for "Sectigo - Comodo AAA Services root" in the common CA cert authority list. This fixes problem with server verification with GitHub endpoint. Regression introduced in e174fc9. (74eadef)

• espressif/esp-idf@03433aa fix(mbedtls): re-include Starfield Class 2 CA
• espressif/esp-idf@6fe38c7 fix(mbedtls): re-include Comodo AAA Services root

Also note ESP-IDF recently implemented cross-signing support in their master for their upcoming v6.0 release:
espressif/esp-idf@cabb500.

[tannewt]

One question that should probably be answered in a code comment.

[tannewt]

Thank you!