undici ProxyAgent silently ignores requestTls with SOCKS5 proxy

ProxyAgent drops the requestTls option when configured with a SOCKS5 proxy URI, causing TLS settings like ca, cert, key, rejectUnauthorized, and servername to be ignored and fall back to Node's default trust store.

Applications using undici's ProxyAgent or Socks5ProxyAgent with SOCKS5 and relying on requestTls for TLS scope restriction.

Upgrade to undici v7.28.0 or v8.5.0, or route traffic through an HTTP-proxy ProxyAgent instead.