Convenience functions for rustls client configuration are now in a
ConfigBuilderExt trait extending rustls::ConfigBuilder.

Disables sct validation with certificate transparency logs, which can't
be enabled (in a way that would be as compatible as chromium) without a
bunch of intrusive policies to deal with validity/expiration.

Parts of ConfigBuilderExt::with_native_roots come from
rustls::RootCertStore::add_parsable_certificates, which cannot be
used directly due to a newtype in rustls-native-certs.

This gives more control over various rustls features,
as well as ensures that enabling connector features
like http1/http2 can only be done when the appropriate
crate features are enabled.

tls12 and logging are rustls features we enable by default,
as does rustls, exposing them explicitly allows users
to disable them by disabling hyper-rustls default features.

Make sure tests run with tls12 by enabling it in dev-dependencies,
because windows tests (at least in CI) seem to run with an outdated
version of curl that doesn't support TLS 1.3.

The extensions to rustls::ClientConfig in ClientConfigExt
that set root certificates now do just that, they don't go on to
configure / disable client auth.

The builder traits are unchanged, they set convenient defaults
(no client auth) but allow passing a custom rustls::ClientConfig.

This is the default for a rustls ClientConfig.  We assert this
to be future proof in case we want to extend the interface by
handling pre-defined alpn_protocols later.