crypto/x509: don't force system roots load in SetFallbackRoots
This change removes the need from SetFallbackRoots to force loading
of all system CAs, it postpones that to initSystemRoots.
This change also introduces few tests for SetFallbackRoots (linux only),
with the use of user and mount namespaces, such that we can control
the system CAs in the test.
Updates #73691
Change-Id: Ic37270f7825b96d5c3ed8358bbf1895a760a1312
Reviewed-on: https://go-review.googlesource.com/c/go/+/677496 Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>