Support os_cacert

Currently os_cacert is not respected for the underlying Ironic
and Heat clients because it is not passed on to those clients.

This does currently require accessing a private member of the
self._instance object, but in looking at the upstream ironic plugin
I see it is also doing that (and the code there seems to
automatically handle the cacert option), so I think we can revisit
the question once the upstream plugin merges.  If it's considered
acceptable there then it probably is here too.

Also, the upstream plugin is using a different method of creating
the client, and at some point we should converge the two, so this
code may go away in the future anyway.

Change-Id: Ic122b0eedc6ed99bd11b2d0c347e7e9740e6dba6

rdomanager_oscplugin/plugin.py

@@ -87,7 +87,8 @@ class ClientWrapper(object):
         token = self._instance.auth.get_token(self._instance.session)
 
         self._baremetal = ironic_client.get_client(
-            1, os_auth_token=token, ironic_url=endpoint)
+            1, os_auth_token=token, ironic_url=endpoint,
+            ca_file=self._instance._cli_options.os_cacert)
 
         return self._baremetal
 
@@ -123,6 +124,7 @@ class ClientWrapper(object):
             password=self._instance._password,
             region_name=self._instance._region_name,
             insecure=self._instance._insecure,
+            ca_file=self._instance._cli_options.os_cacert,
         )
 
         self._orchestration = client