nghttp2_session_client_new2 and nghttp2_session_server_new2 take
additional parameters which specifies session options.
nghttp2_set_option is somewhat crumsy because of type checking.
Now we use nghttp2_opt_set, which specifies individual options with
types. We changed the value of nghttp2_opt, so this change will
require re-compile.

Using --cacert to load certificate for client certificate authentication
is problematic since, --cacert is also used for client mode.
This commit adds --verify-client-cacert option which specify the CA
certficate file used only for client certificate validation.
This change also removes the default certficate load function for
client certificate validation.

It is not clear that SETTINGS_ENABLE_PUSH = 0 disallows HEADERS
to the reserved streams. For now, we just check the reception
and transmission of PUSH_PROMISE against SETTINGS_ENABLE_PUSH.

This option requires client certificate and successful verification.
Use --cacert option to add CA certificates as necessary.