securedht: support external certificate store

With setLocalCertificateStore, add an optional
custom callback to find an immediately available
certificate to use for encryption etc.