This updates most of our certificate-related error handlers to catch
CertificateVerificationError
and to return information on the
certificate.
Most of this is in the API. We're re-using the UNVERIFIED_HOST_CERT
for the response. Previously, in most cases, SSL errors were treated as
generic SCMError
s, so this will be a change for callers, but is not
considered an API breakage.
There are other places in the codebase that still need to handle this
error, and will be updated as more of the SSL cert code is completed.