Security: Update bundled Root Certificates.

The Root Certificate bundle maintained by Mozilla ships in WordPress to allow SSL certificates to be verified on hosts with incomplete, outdated, or invalid local SSL configurations.

This updates the ca-bundle.crt file to the latest version, which applies upstream changes from the bundle maintained by Mozilla and keeps all unexpired legacy 1024bit certificates which are kept for backward compatibility purposes (see [35919]).

Partially merges [37431], [46094], [58707], [59740] and [59969] to the 4.5 branch.

Props johnbillion, desrosj, whyisjake, ayeshrajans, SergeyBiryukov, swissspidy, skithund, barry, paragoninitiativeenterprises, ocean90, DrewAPicture.
See #62811, #62711, #50828, #45807, #36835.