Microsoft recently updated the root CA certificates that are served to
Azure clients.  See the following article for more details:
https://docs.microsoft.com/en-us/azure/security/fundamentals/tls-certificate-changes

This change broke meek-lite because none of its pins work anymore.  That
means that Tor Browser users can no longer use meek-azure or moat as
both rely on meek-lite.

This patch fixes the problem by updating the certificate pins.

Signed-off-by: Yawning Angel <yawning@schwanenlied.me>