ktls-utils

Multiple trust chains for server verification

Open • chucklever opened this issue 2 years ago • 0 comments

We believe that it might be common that either a TLS-enabled client or server might reside in more than one trust domain. It should be possible for the upper layer consumer (e.g., NFS/RPC) to specify both a certificate and a specific trust bundle when initiating a TLS session.

Currently, an administrator can specify that tlshd use the system's default trust bundle, or one particular trust bundle for all in-kernel TLS consumers. This mechanism needs to be more flexible.

chucklever, Sep 27 '23 17:09