* Incorporates #190 without breaking compatibility towards old Python versions.
* A new plugin allows authenticating clients by the "common name" defined in their certificate.
* Added manual for certificate-based client authentication, including hints to which Python versions allow client certificate authentication.
* Adjusted test to work with new ssl.create_default_context.
This commit reworks auth plugins slightly to enable
support for HTTP authentication. By raising an
AuthenticationError, auth plugins can now return
HTTP responses to the upgrade request (such as 401).
Related to kanaka/noVNC#522
Auth plugins provide a generic interface for authenticating requests.
The plugin name is specified using the '--auth-plugin' option, and
may either be the name of a class from `websockify.auth_plugins`,
or a fully qualified python path to the auth plugin class (see below).
An optional plugin parameter can be specified using the '--auth-source'
option (a value of `None` will be used if no '--auth-source' option is
specified).
Auth plugins should inherit from `websockify.auth_plugins.BasePlugin`,
and should implement the `authenticate(headers, target_host, target_port)`
method. The value of the '--auth-source' option is available as
`self.source`.
One plugin is currently included: `ExpectOrigin`. The `ExpectOrigin`
plugin checks that the 'Origin' header is an expected value. The list
of acceptable origins is passed using the plugin source, as a
space-separated list.