Adding roots.pem from Mozilla and associated logic.

- The roots.pem file has been generated from
  https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
  using
  https://github.com/agl/extract-nss-root-certs

include/grpc/grpc_security.h

@@ -73,8 +73,11 @@ typedef struct {
 
 /* Creates an SSL credentials object.
    - pem_roots_cert is the NULL-terminated string containing the PEM encoding
-     of the server root certificates. If this parameter is NULL, the default
-     roots will be used.
+     of the server root certificates. If this parameter is NULL, the
+     implementation will first try to dereference the file pointed by the
+     GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable, and if that fails,
+     get the roots from a well-known place on disk (in the grpc install
+     directory).
    - pem_key_cert_pair is a pointer on the object containing client's private
      key and certificate chain. This parameter can be NULL if the client does
      not have such a key/cert pair.  */

src/core/security/security_context.c

@@ -402,6 +402,7 @@ static grpc_security_context_vtable ssl_server_vtable = {
 static gpr_slice default_pem_root_certs;
 
 static void init_default_pem_root_certs(void) {
+  /* First try to load the roots from the environment. */
   char *default_root_certs_path =
       gpr_getenv(GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR);
   if (default_root_certs_path == NULL) {
@@ -410,7 +411,11 @@ static void init_default_pem_root_certs(void) {
     default_pem_root_certs = gpr_load_file(default_root_certs_path, NULL);
     gpr_free(default_root_certs_path);
   }
-  (void) installed_roots_path;
+
+  /* Fall back to installed certs if needed. */
+  if (GPR_SLICE_IS_EMPTY(default_pem_root_certs)) {
+    default_pem_root_certs = gpr_load_file(installed_roots_path, NULL);
+  }
 }
 
 size_t grpc_get_default_ssl_roots(const unsigned char **pem_root_certs) {