hgweb: use sslutil.wrapserversocket() This patch transitions the built-in HTTPS server to use sslutil for creating the server socket. As part of this transition, we implement developer-only config options to control CA loading and whether to require client certificates. This eliminates the need for the custom extension in test-https.t to define these. There is a slight change in behavior with regards to protocol selection. Before, we would always use the TLS 1.0 constant to define the protocol version. This would *only* use TLS 1.0. sslutil defaults to TLS 1.0+. So this patch improves the security of `hg serve` out of the box by allowing it to use TLS 1.1 and 1.2 (if available).

# The test-repo is a live hg repository which may have evolution
# markers created, e.g. when a ~/.hgrc enabled evolution.
#
# Tests are run using a custom HGRCPATH, which do not
# enable evolution markers by default.
#
# If test-repo includes evolution markers, and we do not
# enable evolution markers, hg will occasionally complain
# when it notices them, which disrupts tests resulting in
# sporadic failures.
#
# Since we aren't performing any write operations on the
# test-repo, there's no harm in telling hg that we support
# evolution markers, which is what the following lines
# for the hgrc file do:
cat >> $HGRCPATH << EOF
[experimental]
evolution=createmarkers
EOF