[18.0][IMP]auth_oidc: verify self-signed certificates

[ChristophAbenthungCibex]

If the connection between odoo and an oauth provider uses self-signed certificates, a ssl error is thrown because the self-signed certificated cannot be verified.
Even if the user credentials are correct, the user will not get logged in.

Following error gets thrown:
requests.exceptions.SSLError: HTTPSConnectionPool(host='', port=443): Max retries exceeded with url: /realms//protocol/openid-connect/token (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)')))

Steps to reproduce:

1. Setup a oauth provider (for example keycloak)
2. Setup odoo the oauth provider in odoo (used OpenID Connect (authorization code flow) as Auth Flow for my tests)
3. Logout
4. Try to login with the oauth provider
5. Type in the correct credentials
6. The oauth provider will redirect to Odoo
7. Odoo shows an error message and the user is not logged in

[OCA-git-bot]

Hi @sbidoul,
some modules you are maintaining are being modified, check this out!

[ap-wtioit]

Looks good (just the missing space is a requirement for the PR to be correct from my point of view)

This is a useful addition for checking with local HTTPS were one cannot really get official certificates.

[sbidoul]

Thanks. A couple a comment after a quick look.

[sbidoul]

I think this does not make it sufficiently clear that this enables an insecure option. Could we name this field, say, "insecure" like curl does?

[sbidoul]

I would name this field ca_bundle, but I have a strong preference to let that be configured at the system level, or with the REQUESTS_CA_BUNDLE environment variable.

[ap-wtioit]

For me the benefit here would be that this is only for one OAuth server connection while REQUESTS_CA_BUNDLE is for all requests from Odoo to other servers.