fix: Do not allow tls connections to Vault with TLS Verification

Fixes NVBug 5999702

Signed-off-by: Ian Anderson <ianderson@nvidia.com>

Author: ianderson-nvidia

crates/secrets/src/forge_vault.rs

@@ -106,7 +106,11 @@ where
                 .ca_certs(vec![vault_client_config.vault_root_ca_path.clone()])
                 .verify(true)
         } else {
-            vault_client_settings_builder.verify(false)
+            tracing::error!(
+                "Vault root CA not found at {}. Refusing to connect without TLS verification.",
+                vault_client_config.vault_root_ca_path
+            );
+            return Err(eyre!("Vault root CA not found"));
         };
 
     Ok(vault_client_settings_builder.build()?)