| From: | Bear Giles <bgiles(at)coyotesong(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | SSL client cert patch submitted |
| Date: | 2002-05-17 06:00:53 |
| Message-ID: | 200205170600.AAA04703@eris.coyotesong.com |
| Lists: | pgsql-hackers |
I just submitted a patch to support SSL client certificates.
With this patch the Port structure is extended to include a
new field, 'peer', that contains the client certificate if
offered.
This patch also cleans up the SSL code. Most of this should
be invisible to users, with the exception of a new requirement
that private keys be regular files without world- or group-access,
a standard requirement for private keys. The patch should also
be much more secure with the addition of support for ephemeral DH
keys.
To use it, you must create a new client cert, e.g., with

```sh
openssl req -new -x509 -newkey rsa:1024 -keyout key.pem \
    -nodes -out cert.pem -days 365
chmod go-rwx key.pem
```
then specify the location of these files with two environment
variables:

```sh
# Bourne-shell syntax: assign, then export (a leading "set" would only
# change the positional parameters, not the variable)
PGCLIENTCERT=cert.pem; export PGCLIENTCERT
PGCLIENTKEY=key.pem; export PGCLIENTKEY
```
(or maybe libpq should just look in $HOME/.postgresql/..., similar
to how ssh(1) works.) The postmaster log should show something like

```
DEBUG: SSL connection from /DC=com/DC=example/CN=BearGiles/Email=bgiles(at)example(dot)com with cipher EDH-RSA-DES-CBC3-SHA
```

(after restarting postmaster, obviously).
The patch description contains a brief discussion of other
issues (TLSv1, renegotiation, mapping client certs to users).
Bear
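As an added example (not part of the patch or of the mail above), the script below reproduces two checks a user of this patch would want on their own machine: that a private key file satisfies the stated requirement of being a regular file with no group or world access, and that a postmaster DEBUG line of the form shown carries the expected client DN and cipher. The key files and log line it uses are constructed stand-ins, not real material.

```sh
#!/bin/sh
# Added example, not code from the patch or the mail.

# check_key_perms FILE
#   returns 0 if FILE is a regular file whose group and other permission
#   bits are all clear (e.g. 0600 or 0400), 1 otherwise.  Parses ls(1)
#   output so it works with both GNU and BSD stat(1) conventions.
check_key_perms() {
    [ -f "$1" ] || return 1              # must exist and be a regular file
    mode=$(ls -ld "$1" | cut -c1-10)     # e.g. "-rw-------"
    case "$mode" in
        -???------) return 0 ;;          # owner bits only
        *)          return 1 ;;          # any group/other bit set
    esac
}

# parse_ssl_log LINE
#   prints "SUBJECT|CIPHER" for a DEBUG line of the form shown in the mail,
#   prints nothing for any other log line.
parse_ssl_log() {
    printf '%s\n' "$1" |
        sed -n 's/^DEBUG: *SSL connection from \(.*\) with cipher \([^ ]*\)$/\1|\2/p'
}

# Constructed sample inputs for a stand-alone run (not real keys).
tmp=$(mktemp -d)
printf 'constructed placeholder, not a key\n' > "$tmp/key.pem"
chmod 600 "$tmp/key.pem"
printf 'constructed placeholder, not a key\n' > "$tmp/loose.pem"
chmod 644 "$tmp/loose.pem"

check_key_perms "$tmp/key.pem"   && echo "key.pem: permissions ok"
check_key_perms "$tmp/loose.pem" || echo "loose.pem: rejected (group/world readable)"

sample='DEBUG: SSL connection from /DC=com/DC=example/CN=BearGiles/Email=bgiles@example.com with cipher EDH-RSA-DES-CBC3-SHA'
parse_ssl_log "$sample"      # -> /DC=com/.../Email=bgiles@example.com|EDH-RSA-DES-CBC3-SHA
rm -rf "$tmp"
```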