feat(mobile): allow self-signed certificate on the mobile app (#4051)

* WIP: self-signed certs accept

* WIP: format

* WIP: pushing up adding settings menu

* Add serverEndpointURL check

* Add translation update

* Handle errors properly

* format

* typo

* cleanup

* styling and permission

* remove deadcode

* put pack condition

* styling

* remove hiding settings options

* format + match drop shadow

* match color

* remove deadcode

---------

Co-authored-by: Alex <alex.tran1502@gmail.com>

mobile/lib/utils/http_ssl_cert_override.dart

@@ -0,0 +1,37 @@
+import 'dart:io';
+import 'package:immich_mobile/modules/settings/services/app_settings.service.dart';
+import 'package:immich_mobile/shared/models/store.dart';
+import 'package:logging/logging.dart';
+
+class HttpSSLCertOverride extends HttpOverrides {
+  @override
+  HttpClient createHttpClient(SecurityContext? context) {
+    return super.createHttpClient(context)
+      ..badCertificateCallback = (X509Certificate cert, String host, int port) {
+        var log = Logger("HttpSSLCertOverride");
+
+        AppSettingsEnum setting = AppSettingsEnum.allowSelfSignedSSLCert;
+        
+        // Check if user has allowed self signed SSL certificates.
+        bool selfSignedCertsAllowed =
+            Store.get(setting.storeKey as StoreKey<bool>, setting.defaultValue);
+
+        bool isLoggedIn = Store.tryGet(StoreKey.currentUser) != null;
+
+        // Conduct server host checks if user is logged in to avoid making
+        // insecure SSL connections to services that are not the immich server.
+        if (isLoggedIn && selfSignedCertsAllowed) {
+          String serverHost =
+              Uri.parse(Store.tryGet(StoreKey.serverEndpoint) ?? "").host;
+
+          selfSignedCertsAllowed &= serverHost.contains(host);
+        }
+
+        if (!selfSignedCertsAllowed) {
+          log.severe("Invalid SSL certificate for $host:$port");
+        }
+
+        return selfSignedCertsAllowed;
+      };
+  }
+}