Validate configured hostnames against certificates

[jhiemstrawisc]

Pelican has several configuration parameters that configure server hostnames:

• Server.Hostname --> default is os.Hostname()
• Origin.Url --> the hostname+port for an origin's XRootd component. Default of https://${Server.Hostname}:${Origin.Port}
• Cache.Url --> the hostname+port for a cache's XRootd component. Default of https://${Server.Hostname}:${Cache.Port}
• Server.ExternalWebUrl --> The hostname+port for any Pelican server's WebUI. Default of https://${Server.Hostname}:${Server.WebPort}

When incoming HTTPS requests reach a Pelican server, they use the configured TLS certificate to validate that the connection is authentic. However, we currently don't prevent users from configuring their service with a hostname that isn't valid for the provided certificate.

This was observed when an origin tried to perform a self test against its own mis-configured hostname, resulting in remote error: tls: bad certificate because it didn't have a valid certificate for the hostname.

Instead of leaving users scratching their head over what this cryptic message means, we should be able to validate each of the aforementioned config params against the configured certificate. If there's a mismatch, we should either error out or make the issue obvious with a warning. If we decide to make this a terminal error, we should double check it doesn't break any other abilities to spin up quick test servers.