Improve rustls CA certificate loading

[inejge]

As an enhancement to #568, add a basic cross-platform CA certificate loading crate and make the download crate use it when compiled with rustls support.

The CA loader crate has seen preliminary testing on Windows, OS X, and a couple of Linux distros. It loads the system root CAs on all of those, with the caveats that a) on CentOS, the default CA bundle contains a line which is invalid UTF-8; a fix for rustls to be more robust is ready and a PR will be opened presently, b) Windows and OS X don't use any kind of local policy to filter out certificates, so all certs which can be enumerated are trusted, c) *BSDs, Android, and Solaris haven't seen any testing.

The loader crate presently lacks any documentation and its error handling is rudimentary. That is being worked on.

[inejge]

The ARM build that failed did so because of an incomplete installation:

curl: (18) transfer closed with 15083604 bytes remaining to read
rustup: command failed: curl -# -C - -f -O https://static.rust-lang.org/dist/2016-05-10/rust-std-nightly-arm-unknown-linux-gnueabihf.tar.gz
rustup: couldn't download 'https://static.rust-lang.org/dist/2016-05-10/rust-std-nightly-arm-unknown-linux-gnueabihf.tar.gz'

[brson]

Totally badass.