Revert root certificate changes (#18527)
### Reverts PR
Reverts #18354
Reverts #18490
Reverts #18402
### Issues fixed
<!-- Issues that will be closed by reverting, i.e. the issues introduced
via the PR getting reverted -->
Fixes #18519
### Issues reopened
<!-- Issues that will be re-opened by reverting, i.e. the issues that
were fixed via the PR getting reverted -->
Reopens #15905
### Reason for revert
The current implementation breaks NVDA remote and breaks add-on APIs
### Can this PR be reimplemented? If so, what is required for the next
attempt
- use truststore.SSLContext directly rather than source code wide
injections. It is
[unclear](https://truststore.readthedocs.io/en/latest/#using-truststore-with-requests)
how to do that with requests. [this SO answer suggestions an
option](https://stackoverflow.com/a/78265028).
- perform the changes in an API breaking release, encourage authors to
use `inject_into_ssl, extract_from_ssl` where required
