In order to connect to a remote server, we need to provide a path to the
repository we're interested in. Consider the lack of path in the url an
error.

Bring together all of the OpenSSL initialization to
git_threads_init() so it's together and doesn't need locks.

Moving it here also gives us libssh2 thread safety (when built against
openssl).

OpenSSL's tests init everything in the main thread, so let's do that.

When using in a multithreaded context, OpenSSL needs to lock, and leaves
it up to application to provide said locks.

We were not doing this, and it's just luck that's kept us from crashing
up to now.

The OpenSSL init functions are not reentrant, which means that running
multiple fetches in parallel can cause us to crash.

Use a mutex to init OpenSSL, and since we're adding this extra checks,
init it only once.

The code doesn't use SSL and a test requires it.

It's possible for an encrypted connection not have a certificate. In
this case, SSL_get_verify_result() will return OK because no error
happened (as it never even tried to validate anything).

SSL_get_peer_certificate() will return NULL in this case so we need to
catch that. On the upside, the current code would segfault in this
situation instead of letting it through as a valid cert.

Specify what we do not like about the certificate. In this case, we do
not like the name.

This kind of stuff should have unit tests, even if it's just to show
what we expect to match successfully.