
    Add CertificateManager, the main interface for SSL certificates.

    Review Request #13270 — Created Sept. 11, 2023 and submitted — Latest diff uploaded

    Information

    Review Board
    release-6.x

    CertificateManager is a high-level interface for the SSL certificate
    storage backends and verification, providing convenient functions for
    adding, deleting, and fetching CA bundles, certificates, and verified
    fingerprints.

    These interface with the storage backend, switching backends if settings
    are updated, to manage the storage of the data.

    When adding certificates, their fingerprints are recorded in the
    verified fingerprints store and cached for faster lookup. When deleting,
    these are removed. This ensures that an uploaded certificate can be
    checked either by fingerprints or by stored certificate, depending on
    the needs of the consumer.

    A utility function is available for creating an SSLContext
    pre-populated with any relevant CA bundles, certificates, and private
    keys. Another piggy-backs on that to provide urlopen() keyword
    arguments relevant to the URL, making it easy to tie all requests in to
    certificate storage.

    There's room for further improvement, including enhanced caching. A TODO
    has been left in intentionally to make note of this, and the
    functionality will be introduced down the road.

    Unit tests pass.

    Tested some of this with in-progress code for hooking up SCMs.
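
The bookkeeping described above (fingerprint recorded on add, removed on delete, lookup either by fingerprint or by stored certificate), as an added example that is not Review Board's code. `ToyCertStore`, its method names, the per-(hostname, port) keying, and the sample bytes are all hypothetical.

```python
import hashlib
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of DER certificate bytes, as colon-separated hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class ToyCertStore:
    """Hypothetical in-memory stand-in for a certificate storage backend."""

    def __init__(self):
        self._certs = {}         # (hostname, port) -> PEM text
        self._fingerprints = {}  # (hostname, port) -> SHA-256 fingerprint

    def add_certificate(self, hostname, port, pem):
        # Adding a certificate also records its fingerprint as verified.
        der = ssl.PEM_cert_to_DER_cert(pem)
        self._certs[(hostname, port)] = pem
        self._fingerprints[(hostname, port)] = fingerprint(der)

    def delete_certificate(self, hostname, port):
        # Deleting removes both records, so neither check can still pass.
        self._certs.pop((hostname, port), None)
        self._fingerprints.pop((hostname, port), None)

    def is_fingerprint_verified(self, hostname, port, presented_der):
        # Check by fingerprint: no stored certificate body is needed.
        expected = self._fingerprints.get((hostname, port))
        return expected is not None and expected == fingerprint(presented_der)

    def is_certificate_stored(self, hostname, port, presented_der):
        # Check by stored certificate: compare the full DER encoding.
        pem = self._certs.get((hostname, port))
        return pem is not None and ssl.PEM_cert_to_DER_cert(pem) == presented_der


# Constructed sample input: placeholder bytes, not a real X.509 certificate.
# The ssl PEM/DER helpers only add or strip the base64 armor, so this is
# enough to exercise the store without a network or a key pair.
SAMPLE_DER = b"constructed-sample-certificate-bytes"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
```

Keying by host and port means a fingerprint accepted for one server is not accepted when another server presents the same certificate; that scoping is an assumption of this sketch.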
