The TLS handshaking using certificate authentification leaks
them: they are exchanged before cryptographic parameters,
so the are in plaintext. This is an issue in TLS protocol itself.

So this patch implements a new method to make a crypted channel
first, then uses it to exchange certificates and permit trusted
authentification based on certificates.

This implementation is backware compatible.
This is implies that old daemon can continue to work with patched one,
but in such case certificates are leaked!

Change-Id: Id5906df37b29bb938abdcdf25b875052527437e8
Tuleap: #494