add ability to bypass server certificate validation

for testing purposes, we need to be able to run the client in a mode where it does not validate the TLS connection that is used for pulling down the ca certificate (subsequent tls connections are validated with this certificate).

options:

add a command line flag @--danger@

do not validate certificates for 'development' builds, but require for 'production' builds.

allow the user to enter some magic key combination that disables certificate validation.

probably #2 is the easiest and safest option, so long as we make it so that end users are not accidentally downloading development builds.

(from redmine: created on 2013-04-11, closed on 2013-04-12)