This repository has been archived by the owner on Dec 19, 2022. It is now read-only.

Adds default CA Certificate verification #23

Merged: 2 commits, Aug 28, 2019

Conversation

pforman-zymergen
Contributor

With "verify=False" set, urllib3 would log every call as:

/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)

That's pretty verbose.

Kubernetes normally puts the ca.crt file in with the service token, so we can use that to verify TLS requests and stop the logging.

Added a K8S_CA_CERT_PATH environment variable, which defaults to the K8s ca.crt file. This "just works" on my install.

Also added a "--insecure-tls" option to restore the former behavior for local testing or anywhere that the CA isn't available.

I updated the README with this behavior.

Minor:
Changed total retries to 3 to match connect, as TLS negotiation failures don't count as connect errors, and the default timeout was reaching minutes.
Sorted imports and added getopt for the --insecure-tls option.
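
As an added example (not code from this pull request or the project), here is one way to turn the `K8S_CA_CERT_PATH` variable and the `--insecure-tls` flag described above into the value passed as `verify=` to requests. The function name `resolve_verify`, the `TLSConfigError` class and the choice to refuse to start when the CA file is missing are assumptions of this sketch; the default path is the standard in-cluster service account mount.

```python
import getopt
import os

# Standard in-cluster location of the CA bundle, next to the service token.
DEFAULT_CA_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"


class TLSConfigError(RuntimeError):
    """Verification is required but no usable CA bundle was found."""


def resolve_verify(argv, environ):
    """Return the value for requests' `verify=` argument (hypothetical helper).

    A path means "verify against this CA bundle". False is returned only when
    the operator passed --insecure-tls. A missing or unreadable bundle raises
    instead of silently downgrading to verify=False.
    """
    try:
        opts, _ = getopt.getopt(argv, "", ["insecure-tls"])
    except getopt.GetoptError as exc:
        raise TLSConfigError(f"bad command line: {exc}") from exc

    if any(name == "--insecure-tls" for name, _ in opts):
        return False  # explicit opt-out for local testing

    # An empty variable falls back to the default path.
    ca_path = environ.get("K8S_CA_CERT_PATH") or DEFAULT_CA_PATH
    if not os.path.isfile(ca_path) or not os.access(ca_path, os.R_OK):
        raise TLSConfigError(
            f"CA bundle {ca_path!r} is not readable; set K8S_CA_CERT_PATH "
            "or pass --insecure-tls for local testing"
        )
    return ca_path


if __name__ == "__main__":
    import sys

    try:
        print("verify =", resolve_verify(sys.argv[1:], os.environ))
    except TLSConfigError as err:
        sys.exit(f"refusing to start: {err}")
```

The returned value can be passed directly, for example `session.get(url, verify=resolve_verify(sys.argv[1:], os.environ))`.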

@deadc deadc requested a review from a team August 27, 2019 17:39
Contributor

deadc commented Aug 27, 2019

Thank you for your contribution, it's very important to us! ❤️

@deadc deadc removed the request for review from a team August 27, 2019 17:41
@deadc deadc merged commit 2752417 into olxbr:master Aug 28, 2019