Fix HTTP::Client certificate validation error on FQDN (host with trailing dot)

[compumike]

Fixes #12777

I have tested this change and it works for me.

The test I added to spec/manual/https_client_spec.cr fails without this change, and passes with it.

[compumike]

I've applied @HertzDevil 's suggested change.

Are there any other changes desired before this can be merged?

If it helps, to clarify my urgency / security implications / technical use-case, I'd like to use this in production as I'm adding an HTTP endpoint uptime & latency monitoring feature to my on-call rotations / monitoring / alerting SaaS. I prefer to always use a fully-qualified domain when connecting to any customer-specified endpoints so that I can be sure that the user-specified URLs aren't inadvertently (or maliciously) probing my internal infrastructure. (Obviously I also need to disallow known internal hosts, /^.+\.local\.?$/i for example. In my Kubernetes cluster environment, the search line from /etc/resolv.conf looks like search my_namespace_redacted.svc.cluster.local svc.cluster.local cluster.local.) To accomplish this security improvement, I simply modify any parsed URI host and make sure it has a trailing dot before I send to HTTP::Client. But this security improvement is currently broken for scheme == "https" without this PR.

[beta-ziliani]

Thanks!

[straight-shoota]

@compumike This is off topic, but considering FQDN resulution as a security mechanism sounds concerning to me. I'm not too deep into this topic, but I could spot some potential loopholes.
For example, a user-provided domain name could could resolves to a CNAME record that points to an internal domain name which might cause your nameserver to resolve to that.
If you don't want internal domain names to be accessible for domain resolution, I'd use a DNS resolver for user-provided domains that doesn't know about any internals.

[compumike]

@straight-shoota I greatly appreciate the way you think 😄 -- will consider that suggestion and consider other ways of restricting the reach of user-provided URLs at both the DNS level and the IP level. Thank you!