
feat(config): add provider TLS skip verify #2834

Merged: Hmbown merged 1 commit into codex/v0.9.0-stewardship from codex/v090-provider-tls-skip-verify, Jun 6, 2026

@Hmbown (Owner) commented Jun 6, 2026

Summary

Harvests a narrow, provider-scoped slice of #1893 from @wavezhang:

  • adds [providers.<name>] insecure_skip_tls_verify = true, disabled by default
  • resolves the flag only for the active provider
  • applies danger_accept_invalid_certs(true) only to the LLM provider HTTP client
  • leaves updater, MCP, sandbox, tools, web/search/fetch, finance, and other HTTP clients unchanged
  • keeps SSL_CERT_FILE as the preferred custom-CA path and documents this as a last resort
  • surfaces the setting in human and JSON codewhale doctor output

Also includes a tiny expect_err clippy cleanup in crates/tui/src/prompts.rs because it blocked cargo clippy -p codewhale-tui --all-targets --locked -- -D warnings on this branch.

Credit

Thanks @wavezhang for the original #1893 direction. This PR keeps the useful intent while avoiding a broad/global TLS bypass and keeping the stale/conflicting source PR open for traceability.

Verification

  • cargo test -p codewhale-config insecure_skip_tls_verify --locked
  • cargo test -p codewhale-tui insecure_skip_tls_verify --locked
  • cargo test -p codewhale-tui build_http_client --locked
  • cargo test -p codewhale-tui doctor_tls_status --locked
  • cargo test -p codewhale-config project_merge_denies_credentials_endpoints_and_provider_selection --locked
  • cargo check -p codewhale-tui --all-features --locked
  • ./scripts/release/check-versions.sh
  • ./scripts/release/check-ohos-deps.sh
  • git diff --check
  • cargo clippy -p codewhale-tui --all-targets --locked -- -D warnings

Harvests the provider-scoped TLS configurability direction from #1893 while keeping the setting disabled by default and limited to the active LLM provider client. SSL_CERT_FILE remains the preferred custom CA path, and doctor reports the setting when enabled.

Co-authored-by: wavezhang <832911+wavezhang@users.noreply.github.com>

@Hmbown Hmbown merged commit 190e9f3 into codex/v0.9.0-stewardship Jun 6, 2026
2 checks passed
@Hmbown Hmbown deleted the codex/v090-provider-tls-skip-verify branch June 6, 2026 05:37
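
The scoping rules listed in the PR summary (off by default, resolved only for the active provider, applied only to the LLM provider client), modelled as an added example. This is not the project's code: every type and function name below is hypothetical, the doctor wording is made up, and the config is built in memory rather than parsed from TOML.

```rust
use std::collections::HashMap;

// Hypothetical stand-ins for the project's config types, not its real structs.
#[derive(Default)]
struct ProviderConfig {
    insecure_skip_tls_verify: bool, // Default::default() is false: disabled by default
}

#[allow(dead_code)]
#[derive(Clone, Copy, PartialEq)]
enum ClientKind { LlmProvider, Updater, Mcp, WebFetch }

struct Config {
    active_provider: String,
    providers: HashMap<String, ProviderConfig>,
}

/// Resolve the flag for the active provider only; a missing entry means "verify".
fn resolve_skip_verify(cfg: &Config) -> bool {
    cfg.providers.get(&cfg.active_provider).map_or(false, |p| p.insecure_skip_tls_verify)
}

/// Only the LLM provider client may skip verification; every other client verifies.
fn skip_verify_for(cfg: &Config, kind: ClientKind) -> bool {
    kind == ClientKind::LlmProvider && resolve_skip_verify(cfg)
}

/// One-line status in the spirit of the doctor output (wording is made up).
fn doctor_tls_line(cfg: &Config) -> String {
    if resolve_skip_verify(cfg) {
        format!("tls: certificate verification DISABLED for provider '{}'", cfg.active_provider)
    } else {
        "tls: certificate verification enabled".to_string()
    }
}

// Constructed sample config: the flag is set on "lab" only.
fn sample(active: &str) -> Config {
    let mut providers = HashMap::new();
    providers.insert("lab".to_string(), ProviderConfig { insecure_skip_tls_verify: true });
    providers.insert("prod".to_string(), ProviderConfig::default());
    Config { active_provider: active.to_string(), providers }
}

fn main() {
    for active in ["lab", "prod", "missing"] {
        println!("{active}: {}", doctor_tls_line(&sample(active)));
    }
}
```

The case worth testing in any real implementation is the second one: a flag set on an inactive provider must not affect the client built for the active one.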