Remove memorizing trust manager

[dbrgn]

This is based on #69, so merge that one first.

I would propose to remove the MemorizingTrustManager. It's a nice tool, but it increases maintenance effort. Right now, we have a conflict between the build tools that we use ourselves and the build tools that the library uses. It's fixable of course, but on the other hand, we are accessing purely public information. Do we really need to verify fingerprints of untrusted TLS certificates to access that public information?

What are your thoughts, @rorist?

[rorist]

I see no problem removing this lib, this was not really needed as there nothing critical done with the data as far as I can see. This was just feeling wrong to disable cert check :)

Also it possibly introduced some memory leak propagating the app context to this 3rd party..

It was added in b8b9ec4

Would you need to disable cert validation though ? something like this 2cecb98#diff-aa8b212ccdffa5693a50f4b15c83ee1fR39

[dbrgn]

Would you need to disable cert validation though?

Good question. You're right, right now self-signed certs are rejected:

In times where getting a valid certificate is easy (with Let's Encrypt), do we want to allow self-signed certificates, or do we want to require a valid trust anchor?

(Note that plain-HTTP URLs are still possible if someone does not want to set up HTTPS.)

(CC @gidsi @rnestler)

[dbrgn]

@rorist I'll merge the trust manager removal commit into the "updates" PR (#69), since it prevents the tests from succeeding. We can discuss the trust settings in another issue :)