Add support for custom certificate validation to std.crypto.tls.Client #15681
Currently, I don't see a way to customize the certificate validation that takes place, or even to toggle it. Although not a particularly good example with respect to security, I'm thinking of a use case like curl, which provides the `-k`/`--insecure` flag allowing you to toggle off hostname validation.

Not sure what degree of versatility/"footgun" type of options are desirable for the standard library, particularly in an area as important to security as certificate validation; however, given a custom TLS implementation is difficult to write correctly, it seems like value could be added. Other common TLS implementations like mbedtls do provide ways to customize elements of cert validation (for example, via `mbedtls_ssl_conf_verify()`), and it may have implications for programs designed to run in environments with custom or self-signed CAs.