Fix SSL certificate cache refresh and collision handling (#40)

Fix SSL certificate cache refresh and collision handling (#40)

SslBump was ignoring some origin server certificate changes or differences,
incorrectly using the previously cached fake certificate (mimicking
now-stale properties or properties of a slightly different certificate).
Also, Squid was not detecting key collisions inside certificate caches.

On-disk certificate cache fixes:

    Use the original certificate signature instead of the certificate
    subject as part of the key. Using signatures reduces certificate key
    collisions to deliberate attacks and woefully misconfigured origins,
    and makes any mishandled attacks a lot less dangerous because the
    attacking origin server certificate cannot by trusted by a properly
    configured Squid and cannot be used for encryption by an attacker.

    We have considered using certificate digests instead of signatures.
    Digests would further reduce the attack surface to copies of public
    certificates (as if the origin server was woefully misconfigured).
    However, unlike the origin-supplied signatures, digests require
    (expensive) computation in Squid, and implemented collision handling
    should make any signature-based attacks unappealing. Signatures won
    on performance grounds.

    Other key components remain the same: NotValidAfter, NotValidBefore,
    forced common name, non-default signing algorithm, and signing hash.

    Store the original server certificate in the cache (together with
    the generated certificate) for reliable key collision detection.

    Upon detecting key collisions, ignore and replace the existing cache
    entry with a freshly computed one. This change is required to
    prevent an attacker from tricking Squid into hitting a cached
    impersonating certificate when talking to a legitimate origin.

In-memory SSL context cache fixes:

    Use the original server certificate (in ASN.1 form) as a part of the
    cache key, to completely eliminate cache key collisions.

Other related improvements:

    Make the LruMap keys template parameters.
    Polish Ssl::CertificateDb class member names to match Squid coding
    style. Rename some functions parameters to better match their
    meaning.
    Replace Ssl::CertificateProperties::dbKey() with:
        Ssl::OnDiskCertificateDbKey() in ssl/gadgets.cc for
        on-disk key generation by the ssl_crtd helper;
        Ssl::InRamCertificateDbKey() in ssl/support.cc for
        in-memory binary keys generation by the SSL context memory cache.
    Optimization: Added Ssl::BIO_new_SBuf(SBuf*) for OpenSSL to write
    directly into SBuf objects.

This is a Measurement Factory project.