golang.org/x/crypto/x509roots/fallback: high, unskippable, init cost

Apr 23, 2025, 2:11:22 AM
to golang-nuts
tl;dr importing golang.org/x/crypto/x509roots/fallback adds ~8ms to the startup time of every program or library that imports it. I would like this cost to be zero and would be happy to contribute a fix.

Running the following program:

    package main
    import _ "golang.org/x/crypto/x509roots/fallback"
    func main() {}

with the command:

    $ go build -o tmp main.go
    $ GODEBUG=inittrace=1 ./tmp |& awk '{print $5, $6, $2}' | sort -n | tail -n 3
    0.043 ms internal/godebug
    0.052 ms runtime
    8.8 ms golang.org/x/crypto/x509roots/fallback

shows that golang.org/x/crypto/x509roots/fallback adds a 9ms start-up cost on a fast CPU (AMD Ryzen 8700G). This cost is paid whether or not the fallback X.509 certificates are used.

From looking at the code, it seems that the CPU cost is due to parsing about 150 certificates in .PEM format in the package's unskippable init function.

The obvious, easy, backwards-compatible fix would be to parse the .PEM files while executing the template that generates bundle.go, instead of parsing them every time at startup.

Would you accept a CL to fix this?

Tom
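
The program below is an added example, not code from the post or from golang.org/x/crypto. It builds a constructed bundle of 150 self-signed certificates and defers the PEM decode and X.509 parse to first use with sync.OnceValue (Go 1.21+), which is a different approach from the generate-time parsing the post proposes; makeBundle, parseBundle and lazyRoots are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"sync"
	"time"
)

// Hypothetical helpers. makeBundle returns n constructed self-signed certs as one PEM bundle.
func makeBundle(n int) (out []byte) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	for i := 1; i <= n; i++ {
		t := &x509.Certificate{SerialNumber: big.NewInt(int64(i)),
			NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
		der, err := x509.CreateCertificate(rand.Reader, t, t, pub, key)
		if err != nil {
			panic(err)
		}
		out = append(out, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})...)
	}
	return out
}

// parseBundle is the per-start work: PEM decode plus X.509 parse (bad entries are skipped).
func parseBundle(b []byte) (certs []*x509.Certificate) {
	for blk, rest := pem.Decode(b); blk != nil; blk, rest = pem.Decode(rest) {
		if c, err := x509.ParseCertificate(blk.Bytes); err == nil {
			certs = append(certs, c)
		}
	}
	return certs
}

// lazyRoots parses on the first call only, so a program that never asks pays nothing.
func lazyRoots(b []byte) func() []*x509.Certificate {
	return sync.OnceValue(func() []*x509.Certificate { return parseBundle(b) })
}

func main() {
	roots, start := lazyRoots(makeBundle(150)), time.Now()
	fmt.Printf("first use parsed %d certs in %v\n", len(roots()), time.Since(start))
}
```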