bitwalker/libcluster

No SSL certificate validation on cluster API call

pzhuk opened this issue · 1 comment

pzhuk commented

The HTTP client has a hardcoded no-verification approach for SSL connections to cluster endpoints.

I guess it might be on purpose; then it has to be documented. Otherwise it has to be considered a security issue?

http_options = [ssl: [verify: :verify_none], timeout: 15000]

This is no longer true if a ca.crt is present in the service account path. I'm open to further extending that to verify in more situations, but without a certificate bundle, we can't verify by default.
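The behaviour the reply describes, as an added example rather than libcluster's own code: build the `:httpc` SSL options so that the cluster API certificate is verified against the service-account CA bundle when it exists, and fall back to the insecure `verify_none` (loudly) only when there is nothing to verify against. The module name, the `host` parameter and the 15 s timeout are assumptions; the CA path is the standard Kubernetes service-account mount.

```elixir
# Added example, not part of the original issue or of libcluster.
# Replaces a hardcoded `ssl: [verify: :verify_none]` with options that verify
# the Kubernetes API server certificate whenever `ca.crt` is available.
defmodule ClusterTlsOptions do
  @moduledoc """
  Builds `:httpc` request options for the cluster API call.

  Assumptions (not from the issue): the CA bundle lives at the standard
  Kubernetes service-account mount, and the caller passes the API host so
  that hostname verification can be enabled.
  """

  require Logger

  # Standard Kubernetes service-account mount; the file name `ca.crt` is the
  # one the maintainer's reply refers to.
  @sa_dir "/var/run/secrets/kubernetes.io/serviceaccount"
  @timeout 15_000

  @doc """
  Returns `[ssl: ..., timeout: ...]` for `:httpc.request/4`.

  With `ca.crt` present the chain is checked against that bundle
  (`verify: :verify_peer`) and the presented certificate must match `host`.
  Without a bundle there is no trust anchor, so `:verify_none` is used and a
  warning is logged so the unverified connection is visible in the logs.
  """
  def http_options(host, sa_dir \\ @sa_dir) when is_binary(host) do
    ca_path = Path.join(sa_dir, "ca.crt")

    ssl_opts =
      if File.exists?(ca_path) do
        [
          verify: :verify_peer,
          cacertfile: String.to_charlist(ca_path),
          depth: 3,
          # The certificate's SAN/CN is checked against this name; the
          # match_fun adds the HTTPS rules (wildcard labels) for that check.
          server_name_indication: String.to_charlist(host),
          customize_hostname_check: [
            match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
          ]
        ]
      else
        Logger.warning(
          "#{ca_path} not found; cluster API TLS connection will NOT be verified"
        )

        [verify: :verify_none]
      end

    [ssl: ssl_opts, timeout: @timeout]
  end
end
```

Usage: `ClusterTlsOptions.http_options("kubernetes.default.svc")` returns the keyword list to pass as the `http_options` argument of `:httpc.request/4`. Checking for `ca.crt` at call time rather than at compile time matters because the file only exists inside a pod; the same code built outside a cluster would otherwise silently pin the insecure branch.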