support for transparent redirection

[abbbe]

• If user has specified '--server-use-orig-dest', the system has to try and obtain the original destination of the connection (before it was redirected to sslcaudit) for each connection. That destination will become a part of client_id (which is not really a client_id for a long time, but I have no better word yet) and will be used to distinguish between separate testing sessions.
• when a server seen for the first time, the system has to fetch the server certificate and be able to use it, if instructed.