It would be great to have a pure-ocaml alternative to https://github.com/ioerror/tlsdate for pulling the time from a remote server in cases where the client does not have the correct time set.
Such a feature might require examining the remote timestamp sent in the server random, making a new connection mirroring that, and verifying the server/peer signature on the exchange (including the server random) at the end.
I believe this pull makes it relatively straightforward: https://github.com/mirleft/ocaml-tls/pull/297
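
The first step described in the issue, reading the timestamp out of the server random, as an added example; it is not code from ocaml-tls, from the linked pull request, or from tlsdate. It uses only the OCaml standard library, follows the RFC 5246 layout (4-byte `gmt_unix_time` followed by 28 random bytes), assumes 63-bit native integers, and uses hypothetical names (`server_hello_time`, `hello_time`, `sample`). A TLS 1.3 ServerHello, or a server that fills all 32 bytes randomly, yields no usable time, and the extracted value stays untrusted until the signature covering the server random has been verified.

```ocaml
(* Added example: extract gmt_unix_time from a TLS <= 1.2 ServerHello.
   Offsets follow RFC 5246. All names are hypothetical and the sample
   bytes are constructed. Assumes 63-bit native ints. *)

let u8 s i = Char.code s.[i]
let u16 s i = (u8 s i lsl 8) lor u8 s (i + 1)
let u32 s i = (u16 s i lsl 16) lor u16 s (i + 2)

type hello_time = { version : int * int; unix_time : int; random : string }

(* [record] is one complete TLS record as read off the wire:
   5-byte record header, 4-byte handshake header, then the ServerHello. *)
let server_hello_time record =
  let len = String.length record in
  if len < 5 + 4 + 2 + 32 then Error "truncated record"
  else if u8 record 0 <> 22 then Error "not a handshake record"
  else if 5 + u16 record 3 > len then Error "record length exceeds input"
  else if u8 record 5 <> 2 then Error "not a ServerHello"
  else
    let major, minor = u8 record 9, u8 record 10 in
    let random = String.sub record 11 32 in
    (* TLS 1.3 keeps legacy_version 3.3 and fills all 32 bytes randomly,
       so a 3.3 hello is only a candidate. Keep the full random: the
       signature check at the end of the handshake covers these bytes. *)
    if major <> 3 || minor > 3 then Error "unexpected protocol version"
    else Ok { version = (major, minor); unix_time = u32 random 0; random }

(* Constructed ServerHello record with gmt_unix_time = 1704067200. *)
let sample =
  "\x16\x03\x03\x00\x2A"        (* handshake record, TLS 1.2, 42 bytes *)
  ^ "\x02\x00\x00\x26"          (* server_hello, 38-byte body *)
  ^ "\x03\x03"                  (* server_version 3.3 *)
  ^ "\x65\x92\x00\x80"          (* gmt_unix_time *)
  ^ String.make 28 '\xAA'       (* random_bytes, constructed filler *)
  ^ "\x00"                      (* empty session_id *)
  ^ "\xC0\x2F\x00"              (* cipher suite, null compression *)

let () =
  match server_hello_time sample with
  | Ok h ->
    Printf.printf "TLS %d.%d gmt_unix_time=%d\n"
      (fst h.version) (snd h.version) h.unix_time
  | Error e -> prerr_endline e
```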