Enable certificate verification on downloads

[joehorsnell]

Disabling TLS server certificate verification undermines the security of HTTPS
(ie, one might as well use HTTP) and is considered extremely bad practice:

• https://mislav.net/2013/07/ruby-openssl/
• https://brakemanscanner.org/docs/warning_types/ssl_verification_bypass/

Looks like it's been there since the initial release, so probably an
oversight?

[joehorsnell]

Any thoughts on this @tr4n2uil / @AnkurGel?

Any idea on getting the specs fixed? Unrelated to these changes, I think?

[joehorsnell]

Linking to comment on #27.

[bipul21]

Hi,

Thanks for pointing out this issue, this indeed undermines the security of HTTPS.
The right fix here would be to pass the root CA certificate used by the MITM Proxy but
to keep things simple user should be able to pass VERIFY::NONE here if knowingly
based on the network parameters.
So, here default value should be VERIFY::PEER which overrides to VERIFY::NONE based on a parameter

An optional argument can be passed during the initialization as.
bs_local = BrowserStack::Local.new verify="none"

Also with appropriate messaging on the initial exception which says to add
verify=”none” as arguments.