Add a way to enforce encrypted transfer on client side

[chrysn]

Currently, OSCORE is enabled on a client's request by providing OSCORE credentials to that server. A user might be misled to think that having such credentials in place is sufficient to guarantee that the request will be protected, while in fact this is only the case if the OSCORE transport is loaded, which can (with default autodetected transports) change abruptly, eg. when python is upgraded but some CFFI or other crypto backend stuff goes wrong during installation.

An explicit API for "only transport this request over secure transports" would be helpful.