[NET] Refactor TLS configuration.

Use a TLSOptions configuration object which is created via static
functions.

- "TLSOptions.client": uses the standard CA and common name verification.
- "TLSOptions.client_unsafe": uses optional CA verification (i.e. if specified)
- "TLSOptions.server": is the standard server configuration (chain + key)

This will allow us to expand the TLS configuration options to include
e.g. mutual authentication without bloating the classes that uses
StreamPeerTLS and PacketPeerDTLS as underlying peers.

modules/websocket/doc_classes/WebSocketPeer.xml

@@ -58,10 +58,9 @@
 		<method name="connect_to_url">
 			<return type="int" enum="Error" />
 			<param index="0" name="url" type="String" />
-			<param index="1" name="verify_tls" type="bool" default="true" />
-			<param index="2" name="trusted_tls_certificate" type="X509Certificate" default="null" />
+			<param index="1" name="tls_client_options" type="TLSOptions" default="null" />
 			<description>
-				Connects to the given URL. If [param verify_tls] is [code]false[/code] certificate validation will be disabled. If specified, the [param trusted_tls_certificate] will be the only one accepted when connecting to a TLS host.
+				Connects to the given URL. TLS certificates will be verified against the hostname when connecting using the [code]wss://[/code] protocol. You can pass the optional [param tls_client_options] parameter to customize the trusted certification authorities, or disable the common name verification. See [method TLSOptions.client] and [method TLSOptions.client_unsafe].
 				[b]Note:[/b] To avoid mixed content warnings or errors in Web, you may have to use a [code]url[/code] that starts with [code]wss://[/code] (secure) instead of [code]ws://[/code]. When doing so, make sure to use the fully qualified domain name that matches the one defined in the server's TLS certificate. Do not connect directly via the IP address for [code]wss://[/code] connections, as it won't match with the TLS certificate.
 			</description>
 		</method>