Auto merge of #22254 - Darkspirit:ca_db_generator, r=paulrouget

Alternative CA database generator

[resources/certs](https://github.com/servo/servo/blob/master/resources/certs) is Servo's CA database and was last updated on 3 Apr 2017. Symantec has been revoked in the meantime.
[etc/cert_generator.js](b9847e2953/etc/cert_generator.js) is an XPCShell script for updating the certs file, but I found it too complex to run, so I made a simpler script.

What it does:
1. Download Mozilla's [official](https://wiki.mozilla.org/CA/Included_Certificates) CA database CSV file with curl and process it with awk: https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportPEMCSV
2. rows end with `"\n`
3. split each row by `^"` and `","` into columns. (I had to remove `"$` because of servo-tidy.)
4. remove single and double quotes from column 30
5. if column 13 (12 in the csv file) contains `Websites` (some are Email-only), print column 30, the raw certificate
6. put everything into a `certs` file

servo-tidy wasn't happy so I had to make it a bit uglier. lol
> ./etc/cert_generator.sh:8: Line is longer than 80 characters
> ./etc/cert_generator.sh:8: script is missing options "set -o errexit", "set -o nounset", "set -o pipefail"
> ./etc/cert_generator.sh:8: variable substitutions should use the full "${VAR}" form
> ./etc/cert_generator.sh:8: variable substitutions should use the full "${VAR}" form
> ./etc/cert_generator.sh:8: variable substitutions should use the full "${VAR}" form
> ./etc/cert_generator.sh:8: variable substitutions should use the full "${VAR}" form

---
- [x] `./mach test-tidy` does not report any errors

bors-servo 2018-11-26 12:16:20 -05:00 committed by GitHub
commit 524bd722ef
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 3165 additions and 3992 deletions

etc/cert_generator.sh Executable file

@ -0,0 +1,26 @@
#!/usr/bin/env bash
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at https://mozilla.org/MPL/2.0/.
set -o errexit
set -o nounset
set -o pipefail
# https://wiki.mozilla.org/CA/Included_Certificates
# 1. Mozilla's official CA database CSV file is downloaded with curl
# and processed with awk.
# 2. Rows end with `"\n`.
# 3. Each row is split by ^" and "," into columns.
# 4. Single and double quotes are removed from column 30.
# 5. If column 13 (12 in the csv file) contains `Websites`
# (some are Email-only), column 30 is printed, the raw certificate.
# 6. All CA certs trusted for Websites are stored into the `certs` file.
domain="ccadb-public.secure.force.com";
curl "https://${domain}/mozilla/IncludedCACertificateReportPEMCSV" -sSf | \
gawk -v RS="\"\n" -F'","|^"' \
'{gsub("\047","",$(30));gsub("\"","",$(30));if($(13)~/Websites/)print $(30)}' \
> certs
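Review bot: The `> certs` redirect on the last line truncates the output file before curl or gawk have produced anything, so a failed download leaves an empty or partial CA file behind even though `errexit` and `pipefail` make the script exit non-zero. Write to a temporary file and move it into place only after the pipeline succeeds. The field positions `$(13)` and `$(30)` are also hard-coded with no check on the result: if the CSV gains or reorders a column, the `/Websites/` filter can match nothing, or print a different column, and the script still exits 0. Before replacing the file, assert that the output is non-empty and that it contains `-----BEGIN CERTIFICATE-----` blocks, or locate the two columns by their names in the header row. The output path is also relative to the current directory, so the result depends on where the script is run from; a comment naming the intended destination would help.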

File diff suppressed because it is too large