Add optional upstream certificate validation

Currently, SSLsplit does not validate the upstream server certificates and silently accepts hostname mismatches, untrusted roots, expired certificates, self-signed certificates etc. This is intended and appropriate for the intended use cases of SSLsplit. However, in some situations it may be desirable to do full certificate validation and either log errors, or refuse connection to servers which fail validation.