PluginInstaller: certificate/CA pinning
With issue #78 (closed) closed by !6 (merged), the security of PluginInstaller improved. However, a powerful attacker could have a certificate issued by a valid CA (on your system) for ftp.gajim.org, easily gaining control of the user's system.
Restricting the CA to LetsEncrypt will reduce the attack surface: only an adversary capable of fooling LetsEncrypt could perform such an attack. My branch https://dev.gajim.org/boyska/gajim-plugins/tree/https-pinning does exactly this and "seems to work".
Not only does the code deserve an audit; for this to make sense, it's also necessary to talk with the ftp.gajim.org sysadmins so that they acknowledge they will keep using LetsEncrypt for a reasonable while.
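The CA restriction described above, as an added stdlib-only illustration (not code from the https-pinning branch): a plain `urlopen()` trusts every CA in the OS store, while a context that only loads the pinned CA file rejects any other chain for ftp.gajim.org. The file name `letsencrypt-roots.pem` is a placeholder for a PEM bundle shipped with the plugin; `trust_summary` is a helper added for inspection.

```python
"""Added example: pin PluginInstaller's HTTPS download to a single CA.

Not the https-pinning branch's code. Assumes the plugin ships a PEM file
holding only the Let's Encrypt root(s); the path below is a placeholder.
"""
import ssl
import urllib.request
from typing import Optional

PLUGINS_HOST = "ftp.gajim.org"
PINNED_CA_FILE = "letsencrypt-roots.pem"  # placeholder path, bundled with the plugin


def system_trust_context() -> ssl.SSLContext:
    """What a plain urlopen() does: any CA in the OS store may vouch for the host."""
    return ssl.create_default_context()


def pinned_ca_context(cafile: Optional[str] = None,
                      cadata: Optional[str] = None) -> ssl.SSLContext:
    """Trust only the CA(s) given; the OS trust store is never loaded.

    A certificate for PLUGINS_HOST issued by any other CA, however valid on
    the user's system, fails chain verification. With no CA given at all the
    context trusts nobody, so every connection fails closed.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = True            # the name must match, not just the chain
    ctx.verify_mode = ssl.CERT_REQUIRED  # never accept an unverified peer
    if cafile is not None or cadata is not None:
        # Raises ssl.SSLError if the data holds no certificate at all.
        ctx.load_verify_locations(cafile=cafile, cadata=cadata)
    return ctx


def trust_summary(ctx: ssl.SSLContext) -> dict:
    """Helper to compare contexts: hostname check, verify mode, anchor count."""
    return {
        "check_hostname": ctx.check_hostname,
        "verify_mode": ctx.verify_mode.name,
        "trust_anchors": len(ctx.get_ca_certs()),
    }


def fetch_from_plugins_host(url: str, ctx: ssl.SSLContext) -> bytes:
    """Download over the given context; a chain the pinned CA did not issue
    raises ssl.SSLCertVerificationError instead of silently succeeding."""
    if not url.startswith(f"https://{PLUGINS_HOST}/"):
        raise ValueError("PluginInstaller only downloads from " + PLUGINS_HOST)
    with urllib.request.urlopen(url, context=ctx, timeout=30) as resp:
        return resp.read()
```

In the installer, `pinned_ca_context(cafile=PINNED_CA_FILE)` would replace the default context; if the sysadmins ever switch CA, downloads fail closed until the bundled PEM is updated, which is the trade-off the issue raises.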