Make provider proxy.from_env = true default + enforce "scheme determines client" in tls_certificate data source  #183

@detro

Terraform CLI and Provider Versions

  • cli >= 0.12
  • provider >= 3.2.1

Use Cases or Problem Statement

As part of the work for #96 (#179) we have identified a couple of places where the overall design and behaviour of the provider around the tls_certificate data source can be improved.

  • the provider should pick up Proxy configuration from env variables by default, like for many other providers (including the AWS Provider)
  • using the argument url = "https://..." should imply that underneath you are using an actual HTTP client

Previous thread about this: #179 (comment)

Proposal

As part of the 4.x major release of this provider, we should:

  • make the provider discover Proxy configuration from env vars by default (i.e. proxy.from_env = true by default, instead of the current false)
  • enforce https:// -> http.Client, tls:// -> tls.Client

How much impact is this issue causing?

Low

Additional Information

It's important to note that for configurations where url = "https://...", the behaviour and potentially the certificate fetched by tls_certificate would change. This is because setting the scheme https:// in the url would switch on the use of http.Client to execute the HTTP GET.

Compared to the tls.Client currently in use for everything except for Proxy-enabled configurations, the http.Client will follow redirects via the Location: HTTP header.
This could imply that a different certificate is fetched, if one https:// endpoint sends to another one via redirect.

Code of Conduct

  • I agree to follow this project's Code of Conduct
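
The redirect effect noted under Additional Information can be reproduced locally. This is an added example, not code from the provider: `serve`, `demo`, and the names `front.example` and `target.example` are constructed for illustration, and both servers are throwaway test servers on loopback with self-signed certificates.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// serve starts a constructed local HTTPS server with a self-signed certificate (CN = cn).
func serve(cn string, h http.Handler) *httptest.Server {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	s := httptest.NewUnstartedServer(h)
	s.TLS = &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	s.StartTLS()
	return s
}

// demo returns the leaf CN seen by a bare TLS handshake and by an HTTP GET of one endpoint.
func demo() (viaTLS, viaHTTP string, err error) {
	target := serve("target.example", http.NotFoundHandler())
	defer target.Close()
	front := serve("front.example", http.RedirectHandler(target.URL, http.StatusFound))
	defer front.Close()
	cfg := &tls.Config{InsecureSkipVerify: true} // inspection only: read whatever is presented
	// tls:// style: handshake only; no HTTP request is sent, so the redirect is never seen.
	conn, err := tls.Dial("tcp", front.Listener.Addr().String(), cfg)
	if err != nil {
		return "", "", err
	}
	defer conn.Close()
	viaTLS = conn.ConnectionState().PeerCertificates[0].Subject.CommonName
	// https:// style: the default http.Client follows the Location: header to target.
	resp, err := (&http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}).Get(front.URL)
	if err != nil {
		return "", "", err
	}
	defer resp.Body.Close()
	return viaTLS, resp.TLS.PeerCertificates[0].Subject.CommonName, nil
}
func main() { fmt.Println(demo()) } // prints: front.example target.example <nil>
```

A configuration that pins or compares the fetched certificate's fingerprint would see this difference as a change in the data source's output for the same url value.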
