add configuration option tls_version

Related to
https://python-nbxmpp.gajim.org/ticket/17

http://tidy.sourceforge.net/

Fixes #7628

force sending muc invitation to the jid/resource if we're chatting with a specific resource. Fixes #7582

add a <private> element to message stanza when message carbons is enabled and message is encrypted. Fixes #7616

Fixes #7662

http://docs.python.org/3/library/logging.html

  Note: There is an obsolete method warn which is functionally identical to
  warning. As warn is deprecated, please do not use it - use warning instead.

I have submitted the 'tls_version' to the incorrect default branch.
The correct submit was done in changeset 15331:b5831b64e5d2 ,
branch gajim_0.16 .

More on the effect of TLS tickets:
https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf

Fixes #7638

The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }

RFC3526 specifies a generator of 2.

The generation of the group is described in RFC 2412.

Fixes: #7644

These CA certificates were copied from debian ca-certificates, which uses
certificates from Mozilla's trust store.

spi CA certificate has be removed, no server in xmpp.net list uses this
CA certificate.
https://xmpp.net/directory.php

I have removed these CA certificates with 1024-bit RSA public keys,
because Mozilla is planning to remove them in Q1 2014 :

Digital_Signature_Trust_Co._Global_CA_1.crt
Digital_Signature_Trust_Co._Global_CA_3.crt
Entrust.net_Secure_Server_CA.crt
Equifax_Secure_CA.crt
Equifax_Secure_eBusiness_CA_1.crt
Equifax_Secure_Global_eBusiness_CA.crt
GTE_CyberTrust_Global_Root.crt
NetLock_Business_=Class_B=_Root.crt
NetLock_Express_=Class_C=_Root.crt
RSA_Root_Certificate_1.crt
Thawte_Premium_Server_CA.crt
Thawte_Server_CA.crt
ValiCert_Class_1_VA.crt
ValiCert_Class_2_VA.crt
Verisign_Class_1_Public_Primary_Certification_Authority.crt
Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt
Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt
Verisign_Class_3_Public_Primary_Certification_Authority.crt
Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt

See:
https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/
https://wiki.mozilla.org/CA:MD5and1024

I'm also removing TurkTrust CA certificates because of this security
incident:
https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/

TURKTRUST_Certificate_Services_Provider_Root_1.crt
TURKTRUST_Certificate_Services_Provider_Root_2007.crt
TURKTRUST_Certificate_Services_Provider_Root_2.crt

other/cacert.pem is used only on Windows. On Unix platforms
use CA certificates installed in /etc/ssl/certs
(python-nbxmpp loads CA certificates from /etc/ssl/certs directory)

Fixes #7629

add configuration option tls_version

Related to
https://python-nbxmpp.gajim.org/ticket/17