Fuchsia: Use system root cert capability and cert store.

This change uses a special sandbox feature to gain access to the
system's root certificate store.

The previous code referenced the cert store under "/system", but that
directory is not attached to the namespaces of non-"shell" processes.

Bug: 837536
Change-Id: I4a406525558e10dd0cac8e9b28345560899e07dc
Reviewed-on: https://chromium-review.googlesource.com/1032050Reviewed-by: Wez <wez@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Commit-Queue: Kevin Marshall <kmarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#554820}

build/config/fuchsia/sandbox_policy

 {
-  "features": [ "persistent-storage", "system-temp" ]
+  "features": [ "persistent-storage", "root-ssl-certificates", "system-temp" ]
 }
 

build/config/fuchsia/testing_sandbox_policy

 {
-  "features": [ "persistent-storage", "system-temp" ],
+  "features": [ "persistent-storage", "root-ssl-certificates", "system-temp"],
   "dev": ["null", "zero"]
 }
 

net/cert/internal/system_trust_store.cc

@@ -157,7 +157,7 @@ std::unique_ptr<SystemTrustStore> CreateSslSystemTrustStore() {
 
 namespace {
 
-constexpr char kRootCertsFileFuchsia[] = "/system/data/boringssl/cert.pem";
+constexpr char kRootCertsFileFuchsia[] = "/config/ssl/cert.pem";
 
 class FuchsiaSystemCerts {
  public: