Refactor: libcrmcommon: Report on gnutls cert verification errors.

Description

With the previous patch, there's now no reporting on certificate errors.
In the case of an expired certificate at least, there's really no way to
now see that's what's going on - buried somewhere in the log file,
there'll be an error about the pull function, and nothing will work, and
that's it.

You can get a bit of a clue if you up the gnutls log level (which
requires editing the source), adding tls.c to PCMK_trace_files, and then
adding an additional log message at various points after the
gnutls_handshake functions (which also requires editing the source).

This code just does what we were doing previously, but no longer in our
own custom validation function. It comes from the client example at:

https://www.gnutls.org/manual/html_node/Client-example-with-X_002e509-certificate-support.html

Details

Provenance
clumens Authored on Tue, Aug 12, 2:10 PM
Parents
rPb8a7a4588038: Refactor: libcrmcommon: Use gnutls_session_set_verify_cert()