Use --insecure to download curl source & deps where necessary

Library/Homebrew/api.rb

@@ -54,9 +54,11 @@ def self.fetch_json_api_file(endpoint, target: HOMEBREW_CACHE_API/endpoint,
         --speed-time #{ENV.fetch("HOMEBREW_CURL_SPEED_TIME")}
       ]
 
-      insecure_download = (ENV["HOMEBREW_SYSTEM_CA_CERTIFICATES_TOO_OLD"].present? ||
-                           ENV["HOMEBREW_FORCE_BREWED_CA_CERTIFICATES"].present?) &&
-                          !(HOMEBREW_PREFIX/"etc/ca-certificates/cert.pem").exist?
+      insecure_download = ((!DevelopmentTools.ca_file_handles_most_https_certificates? ||
+                            ENV["HOMEBREW_FORCE_BREWED_CA_CERTIFICATES"].present?) &&
+                           !(HOMEBREW_PREFIX/"etc/ca-certificates/cert.pem").exist?) ||
+                          (!DevelopmentTools.curl_handles_most_https_certificates? &&
+                           !HOMEBREW_BREWED_CURL_PATH.exist?)
       skip_download = target.exist? &&
                       !target.empty? &&
                       (!Homebrew.auto_update_command? ||
@@ -69,8 +71,9 @@ def self.fetch_json_api_file(endpoint, target: HOMEBREW_CACHE_API/endpoint,
           args = curl_args.dup
           args.prepend("--time-cond", target.to_s) if target.exist? && !target.empty?
           if insecure_download
-            opoo "Using --insecure with curl to download #{endpoint} " \
-                 "because we need it to run `brew install ca-certificates`. " \
+            package = DevelopmentTools.curl_handles_most_https_certificates? ? "ca-certificates" : "curl"
+            opoo "Using `--insecure` with curl to download #{endpoint} " \
+                 "because we need it to run `brew install #{package}`. " \
                  "Checksums will still be verified."
             args.append("--insecure")
           end

Library/Homebrew/download_strategy.rb

@@ -572,7 +572,8 @@ def _curl_args
 
     if meta[:insecure]
       unless @insecure_warning_shown
-        opoo "Using --insecure with curl to download `ca-certificates` " \
+        package = DevelopmentTools.curl_handles_most_https_certificates? ? "ca-certificates" : "curl"
+        opoo "Using `--insecure` with curl to run `brew install #{package}` " \
              "because we need it installed to download securely from now on. " \
              "Checksums will still be verified."
         @insecure_warning_shown = true

Library/Homebrew/resource.rb

@@ -53,10 +53,12 @@ def owner=(owner)
     @owner = owner
     patches.each { |p| p.owner = owner }
 
-    return if !owner.respond_to?(:full_name) || owner.full_name != "ca-certificates"
+    return if !(owner.respond_to?(:full_name) && owner.full_name == "ca-certificates") &&
+              !(!DevelopmentTools.curl_handles_most_https_certificates? && !HOMEBREW_BREWED_CURL_PATH.exist?)
     return if Homebrew::EnvConfig.no_insecure_redirect?
 
-    @insecure = !specs[:bottle] && !DevelopmentTools.ca_file_handles_most_https_certificates?
+    @insecure = !specs[:bottle] && (!DevelopmentTools.ca_file_handles_most_https_certificates? ||
+                                    !DevelopmentTools.curl_handles_most_https_certificates?)
     return if @url.nil?
 
     specs = if @insecure