
Fix SSL Certificate Validation Behind Corporate Proxies

Open prateek opened this issue 6 months ago • 0 comments

This PR adds support for configuring SSL certificate handling when using LLM behind corporate proxies like Zscaler.

Problem

As described in issue #772, users behind corporate proxies or firewalls that perform SSL inspection (like Zscaler) encounter connection errors because the HTTPS certificate validation fails.

Unlike tools like uv (which has a --native-tls option), LLM didn't have a way to configure certificate handling to work in these environments.

Solution

This PR adds environment variables to configure SSL certificate handling:

# Use the system's native certificate store (similar to uv's --native-tls)
export LLM_SSL_CONFIG=native_tls
# Or specify a custom CA bundle
export LLM_CA_BUNDLE=/path/to/cert.pem

The configuration options include:

  • LLM_SSL_CONFIG=native_tls: Use the system's native certificate store
  • LLM_SSL_CONFIG=no_verify: Disable certificate verification (not recommended for production)
  • LLM_CA_BUNDLE=/path/to/cert.pem: Use a custom CA bundle file

Implementation Details

  • Added a helper function _configure_ssl_client that reads environment variables for SSL configuration
  • Added validation for SSL configuration values with helpful warning messages
  • Added certificate file existence checking to prevent silent failures
  • Integrated the helper function with the get_client method
  • Added comprehensive tests for all scenarios and configurations
  • Added detailed documentation in the docs

prateek avatar Apr 11 '25 19:04 prateek
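
The following is an added example, not code from this PR or from the LLM project: one way a resolver for the `LLM_SSL_CONFIG` and `LLM_CA_BUNDLE` variables described above could fail safe. The function name `resolve_verify`, the precedence between the two variables, and the choice to raise on a missing bundle are assumptions; the return value is meant for an HTTP client's `verify=` setting (for example httpx).

```python
import os
import ssl
import warnings

VALID_MODES = {"native_tls", "no_verify"}  # values listed in the PR description


def resolve_verify(env=None):
    """Return True or an ssl.SSLContext for an HTTP client's verify= setting.

    Hypothetical helper: precedence and failure behaviour are assumptions.
    """
    env = os.environ if env is None else env
    mode = (env.get("LLM_SSL_CONFIG") or "").strip().lower()
    bundle = (env.get("LLM_CA_BUNDLE") or "").strip()

    if mode and mode not in VALID_MODES:
        # Fail safe: a typo such as "noverify" must never weaken verification.
        warnings.warn(f"Ignoring unknown LLM_SSL_CONFIG={mode!r}; "
                      f"expected one of {sorted(VALID_MODES)}")
        mode = ""

    if mode == "no_verify":
        # Make the downgrade loud so it shows up in logs and reviews.
        warnings.warn("TLS certificate verification is DISABLED (no_verify)")
        ctx = ssl.create_default_context()
        ctx.check_hostname = False  # must be cleared before setting CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
        return ctx

    if bundle:
        if not os.path.isfile(bundle):
            # A missing file must not silently fall back to another trust store.
            raise FileNotFoundError(f"LLM_CA_BUNDLE does not exist: {bundle}")
        # Trust only the CAs in the bundle (e.g. the proxy's inspection root);
        # hostname checking and CERT_REQUIRED stay enabled.
        return ssl.create_default_context(cafile=bundle)

    if mode == "native_tls":
        # Operating-system trust store, where a managed proxy root is installed.
        return ssl.create_default_context()

    return True  # neither variable set: keep the client's default verification
```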