fix up grammar in submit_trailer docs

nghttpx: Verify OCSP response using trusted CA certificates

nghttpx: Set default minimum TLS version to TLSv1.2

Previously, the default minimum TLS version was TLSv1.1, but the
default cipher list didn't include any compatible ciphers with it.
This made handshake fail if TLSv1.1 was negotiated because there was
no shared ciphers.  To make the default settings consistent, the
default minimum TLS version is now TLSv1.2.

fix cleaning in out-of-tree builds

The altered previously failed if the rst sources hadn't been copied over.

It looks like we can use nocopy version here.  We use nocopy version
in frontend in day 1.

spelling mistake in arguments to build nghttp apps

At least we should make sure that the OCSP response is targeted to the
expected certificate.  This is important because we pass the file path
to the external script, and if the file is replaced because of
renewal, and nghttpx has not reloaded its configuration, the
certificate nghttpx has loaded and the one included in the file
differ.  Verifying the OCSP response detects this, and avoids to send
wrong OCSP response.

Call ERR_clear_error() before the OpenSSL function if we use
SSL_get_error() to examine error stack.

Compile with --disable-assert

nghttpx: Run OCSP at startup

nghttp2_session: Allow for compiling library with -DNDEBUG set

With --ocsp-startup option, nghttpx starts accepting connections after
initial attempts to get OCSP responses finish.  It does not matter
some of the attempts fail.  This feature is useful if OCSP responses
must be available before accepting connections.