(PUP-11471) Make using default path an option of create_x509_store

OpenSSL::X509::Store are created by #create_x509_store. The store is
often kept as is but in the context of #create_system_context it is
modified to also include system certificates.

In order to add support for system certificates to more SSL Contexts,
add a parameter to include or not the system's certificates.

No functional change.

Author: smortex

lib/puppet/ssl/ssl_provider.rb

@@ -51,8 +51,7 @@ def create_root_context(cacerts:, crls: [], revocation: Puppet[:certificate_revo
   # @raise (see #create_context)
   # @api private
   def create_system_context(cacerts:, path: Puppet[:ssl_trust_store])
-    store = create_x509_store(cacerts, [], false)
-    store.set_default_paths
+    store = create_x509_store(cacerts, [], false, include_system_store: true)
 
     if path
       stat = Puppet::FileSystem.stat(path)
@@ -186,14 +185,16 @@ def default_flags
     end
   end
 
-  def create_x509_store(roots, crls, revocation)
+  def create_x509_store(roots, crls, revocation, include_system_store: false)
     store = OpenSSL::X509::Store.new
     store.purpose = OpenSSL::X509::PURPOSE_ANY
     store.flags = default_flags | revocation_mode(revocation)
 
     roots.each { |cert| store.add_cert(cert) }
     crls.each { |crl| store.add_crl(crl) }
 
+    store.set_default_paths if include_system_store
+
     store
   end