Improve UX around certificate errors

- When we get a `javax.net.ssl.SSLHandshakeException` check if it looks like an issue with a missing CA.
- If so, surface information on how to add the CA via keytool (link to docs).
- Ideally give the path to the trust store if it is possible to get that information.