QUIC TLS certs and keys.

This adds --quic-tls-cert and --quic-tls-key options to the server
(separate from --cert and --key); and a quic-tls-pubkey SOCKS arg (with
equivalent --quic-tls-pubkey command-line option) to the client.