SSO via client SSL certificates

Support for authentication using client side SSL certificate.  This
authentication type is actually kind of SSO. Gerrit will configure Jetty's SSL
channel to request client's SSL certificate. For this authentication to work a
Gerrit administrator has to import the root certificate of the trust chain used
to issue the client's certificate into the <review-site>/etc/keystore.

For the Gerrit's server side SSL certificate one can use a certificate signed
by a CA or a self-signed certificate.

After the authentication is done Gerrit will obtain basic user
registration (name and email) from LDAP, and some group memberships.

Change-Id: Ic076178f844f05b73be5d7c8fe9c8bb29b458f26

gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java

@@ -146,6 +146,7 @@ public class AuthConfig {
       case HTTP_LDAP:
       case LDAP:
       case LDAP_BIND:
+      case CLIENT_SSL_CERT_LDAP:
         // Its safe to assume yes for an HTTP authentication type, as the
         // only way in is through some external system that the admin trusts
         //

gerrit-server/src/main/java/com/google/gerrit/server/config/GerritGlobalModule.java

@@ -127,6 +127,7 @@ public class GerritGlobalModule extends FactoryModule {
       case HTTP_LDAP:
       case LDAP:
       case LDAP_BIND:
+      case CLIENT_SSL_CERT_LDAP:
         install(new LdapModule());
         break;