Permit trusted self-signed certificates

[Ichbinjoe]

Self-signed certificates are both an end-entity as well as a certificate
authority in the eyes of webpki - since we have ultimate trust in the
supplied trust anchors, a certificate supplied with the same subject as a
trust anchor and is directly signed by the same trust anchor should also
be valid, even though the certificate supplied might still be a CA.

Alternate to #127 and fixes #114. Unlike #127, this change has no public facing API change and doesn't require marking certain certificates as explicitly self-signed.

[codecov]

Codecov Report

Merging #170 (04caeca) into master (28951a0) will increase coverage by 0.28%.
The diff coverage is 88.00%.

@@            Coverage Diff             @@
##           master     #170      +/-   ##
==========================================
+ Coverage   73.91%   74.20%   +0.28%     
==========================================
  Files          14       14              
  Lines        1357     1380      +23     
==========================================
+ Hits         1003     1024      +21     
- Misses        354      356       +2     

Impacted Files	Coverage Δ
src/verify_cert.rs	88.17% <76.92%> (-0.89%)	⬇️
tests/integration.rs	100.00% <100.00%> (ø)
src/calendar.rs	90.10% <0.00%> (+1.09%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 28951a0...04caeca. Read the comment docs.

[briansmith]

Thank you. Please see #114 (comment) to understand why I'm closing this.