Open thegrumble opened 7 years ago
maxteufel/weechat@bfb3945897b114df895b8ff963a32804b400753d might be a start for anyone who wants to look into it. It works with some limitations specified in the commit message but it was only a small experiment so I'm not sure if I will work more on this.
Certificate fingerprints in `irc.server.*.ssl_fingerprint` are the only option that weechat offers for trusting TLS servers besides the PKI as of writing this feature request. Being able to trust certain public keys instead of certificates would be useful for IRC networks that renew expired certificates while reusing the same key pair(s).
IRC networks that follow this practice include AlphaChat (provided I understood this page correctly, someone please correct me if I'm wrong) and freenode (which is planning to renew certificates with the same key pairs in the future).
This feature request is in no small part inspired by HTTP Public Key Pinning and the new certificate and pubkey pinning features in irssi 1.0.0 (irssi/irssi#557 for reference).
Since a good part of the work required to add this feature is probably specific to the TLS library, it might make sense to resolve this at the same time as #863.
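The renewal case described in this request, as an added example (not code from WeeChat or from the linked commit): a certificate reissued with the same key pair gets a new certificate fingerprint, while a hash of its public key stays the same. The pin form used here, SHA-256 over the DER SubjectPublicKeyInfo as in HTTP Public Key Pinning but hex-encoded, is an assumption, as are the host name `irc.example.test` and all file names.

```shell
#!/usr/bin/env bash
# Added example. Keys, certificates, host name and file names are constructed
# locally; nothing here is taken from a real IRC network.
set -eu

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# SHA-256 over the whole DER certificate: what a certificate fingerprint pins.
cert_fp() {
    openssl x509 -in "$1" -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 over the DER SubjectPublicKeyInfo only: what a public key pin covers
# (assumed pin form, modelled on HTTP Public Key Pinning).
spki_fp() {
    openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Generate a fresh RSA key pair. $1 = output key file.
new_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null
}

# Issue a self-signed certificate for an existing key.
# $1 = key file, $2 = output certificate, $3 = validity in days.
issue_cert() {
    openssl req -new -x509 -key "$1" -out "$2" -days "$3" \
        -subj "/CN=irc.example.test" 2>/dev/null
}

new_key "$workdir/key.pem"
issue_cert "$workdir/key.pem" "$workdir/old.pem" 30       # original certificate
issue_cert "$workdir/key.pem" "$workdir/renewed.pem" 90   # renewal, same key pair

new_key "$workdir/newkey.pem"
issue_cert "$workdir/newkey.pem" "$workdir/rekeyed.pem" 90  # renewal with a new key

for c in old renewed rekeyed; do
    printf '%-8s cert=%s\n' "$c" "$(cert_fp "$workdir/$c.pem")"
    printf '%-8s spki=%s\n' "$c" "$(spki_fp "$workdir/$c.pem")"
done
```

The `cert=` value differs on all three lines, so a certificate fingerprint must be updated on every renewal; the `spki=` value is identical for `old` and `renewed` and changes only for `rekeyed`.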