We should improve our diagnostics for TLS errors, specifically prompted by the lack of information available when debugging intermitted "certificate expired" errors, such as HELP-77502.

Dumping the list of trusted certificates and the server certificate we've received into our logs should be feasible in general, but we need to get access to these through the APIs we're calling – if we want to include debugging driver behavior, that would depend on a Node.js driver project (NODE-6601), but given that this mainly appears to be a problem with OIDC these days, we could try to just do this ourselves.