Cope with lack of gnutls_certificate_set_key() in GnuTLS 2.12
We *can* use arbitrary privkeys, by using the cert_callback to provide
them on demand.
And even without gnutls_privkey_import_ext() to give us a constructed
privkey that represents the TPM key, we can cope by registering a
sign_callback on the TLS session.
This means that we can support the TPM, and also fix the lack of extra
supporting certs and expiry check when using PKCS#11 certs with GnuTLS 2.12.
It also means my code is an even bigger mess of #ifdefs than it was before.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>