Add support for using custom certificate path for secured connection #31
Description
Is your feature request related to a problem?
To establish a secure connection, the client requires a public CA certificate used by the database. Not all clients have the possibility to place certificates in the default location (see, e.g. Discuss question around Azure Functions: https://discuss.eventstore.com/t/tcp-sdk-21-2-0-ssl-certificate/3790). Currently, we're loading the default certificates from the system location.
Some gRPC clients (e.g. NodeJS, see: kurrent-io/KurrentDB-Client-NodeJS#157) already supports this with tlsCAFile, see the RFC-17.
Describe the solution you'd like
Adding tlsCAFile support to connection string and settings accordingly as in the gRPC.
The verification should be probably done in the ValidateServerCertificate method. We'd need to load the certificate file and validate it against the database cert. We could optimise that by loading the file on the connection initialisation, doing the validation and setting the parameter and checking it here (or some other lazy evaluation).
Describe alternatives you've considered
I tried to use the custom HttpMessageHandler to do verification manually, but it appears that it's only used in the discovery and gossip endpoint calls. It's also not used at all for the single node connection. We're just using the default .NET certs verification for the TCP calls.