SSO via client SSL certificates

Support for authentication using client side SSL certificate.  This
authentication type is actually kind of SSO. Gerrit will configure Jetty's SSL
channel to request client's SSL certificate. For this authentication to work a
Gerrit administrator has to import the root certificate of the trust chain used
to issue the client's certificate into the <review-site>/etc/keystore.

For the Gerrit's server side SSL certificate one can use a certificate signed
by a CA or a self-signed certificate.

After the authentication is done Gerrit will obtain basic user
registration (name and email) from LDAP, and some group memberships.

Change-Id: Ic076178f844f05b73be5d7c8fe9c8bb29b458f26

gerrit-gwtui/src/main/java/com/google/gerrit/client/Gerrit.java

@@ -481,6 +481,7 @@ public class Gerrit implements EntryPoint {
       switch (cfg.getAuthType()) {
         case HTTP:
         case HTTP_LDAP:
+        case CLIENT_SSL_CERT_LDAP:
           break;
 
         case OPENID:

gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AccountGroupScreen.java

@@ -225,6 +225,7 @@ public class AccountGroupScreen extends AccountScreen {
       case HTTP_LDAP:
       case LDAP:
       case LDAP_BIND:
+      case CLIENT_SSL_CERT_LDAP:
         break;
       default:
         return;