SSL/TLS client-authentication / client-side certificate verification

Also some other improvements:

- Make the configuration settings of security (SSL/TLS) less mandatory (sane defaults) so that you can run with default key and trust stores if you wish (on platforms like heroku it's not so easy to know where the defaul trust store is for instance)

- Hostname verification. The JSSE spec says that when you use a raw SSLEngine you should do hostname verification yourself.

- Support for SSL certificate pinning.