sfackler / rust-native-tls

Apache License 2.0

`Identity` should be a factory #232

Open obsgolem opened 2 years ago

obsgolem commented 2 years ago

Currently, `Identity` is given a PKCS#12 or PKCS#8 blob. This does not encompass several use cases, including smartcards, whose private key is non-exportable. In order to fix this, `Identity` should be changed to be a factory that returns an `imp::Identity`.

Basic factories on Windows would be

I expect macOS has a similar system for prompting the user to choose a cert. I don't know if Linux does, but factories should still be applicable there.

The one use case this wouldn't support is choosing an identity based on what identities the server says it will accept, but that extension should be doable.

sfackler commented 2 years ago

If you can design a cross-platform interface for that kind of identity it seems doable to add.