For more information https://blog.jeroenhd.nl/article/android-7-nougat-and-certificate-authorities
Ran into this issue as well while trying to check for privacy implications of an app. The blog post and docs linked above does explain what happened, but not how. Source code references follows based on nougat-mr2.3.
The change was made in commit aosp-mirror/platform_frameworks_base@32d2a10, see frameworks/base:core/java/android/security/net/config/NetworkSecurityConfig.java. After that change, only the [system root store](https://github.com/android/platform_frameworks_base/blob/nougat-m