Run against secure servers

[tbg]

It turns out that even though we had introduced functionality to run against
secure CRDB in cockroach-go, we had never actually started to use it here.

This series of commits fixes that.

Unfortunately, it turns out that this won't just work out of the box for
many of the ORMs, and we have to stay insecure. Notably:

• GoPG has no client cert support
• Hibernate doesn't unescape the paths in the URL correctly and fails to find
  the certs
• Sequelize and Django don't pick up the options from the query string

This leaves only GORM, SQLAlchemy, and ActiveRecord actually running securely.

Interestingly, the tenant proxy, which I originally intended to use here,
could make this work better since it does not require client certs.

[cockroach-teamcity]

This change is 

[rafiss]

nice, thank you for the updates

Reviewable status: 0 of 10 files reviewed, 1 unresolved discussion (waiting on @rafiss and @tbg)

---

testing/main_test.go, line 403 at r4 (raw file):

		tableNames:  djangoTestTableNames,
		columnNames: djangoTestColumnNames,
		// No support for client certs (at least not via the query string).

seems like it would work with making a settings.py, but i guess that would be too large of a refactor?
https://stackoverflow.com/questions/35869001/django-connection-to-postgresql-using-cert-authentication

[tbg]

Yeah, I think (hope) that all of these could actually work, at least through the proxy (where all you need is server ssl and password auth), but I didn't want to get into that in the first PR. My end goal is that, though, so there will be more.

TFTR!