ssl::server_name options to control matching logic.

ssl::server_name options to control matching logic.

Many popular servers use certificates with several "alternative subject
names" (SubjectAltName). Many of those names are wildcards. For example,
a www.youtube.com certificate currently includes *.google.com and 50+
other subject names, most of which are wildcards.

Often, admins want server_name to match any of the subject names. This
is useful to match any server belonging to a large conglomerate of
companies, all including some *.example.com name in their certificates.
The existing server_name functionality addresses this use case well.

The new ACL options address several other important use cases:

--consensus identifies transactions with a particular server when
  server's subject name is also present in certificates used by many other
  servers (e.g., matching transactions with a particular Google server but
  not with all Youtube servers).

--client-requested allows both (a) SNI-based matching even after
  Squid obtains the server certificate and (b) pinpointing a particular
  server in a group of different servers all using the same wildcard
  certificate (e.g., matching appengine.example.com but not
  www.example.com when the certificate for has *.example.com subject).

--server-provided allows matching only after Squid obtains the server
  certificate and matches any of the conglomerate parts.

Also this patch fixes squid to log client SNI when client-first bumping mode
is used too.

This is a Measurement Factory project.