enable certificate pinning for proxied requests

enable certificate pinning for proxied requests

when forwarding an API request to the responsible node,
only accept the certificate that this node should have
according to the contents of the cluster file system.

to limit performance issues, cache certificate fingerprint
on first request for each node, and only regenerate cache
(at most once per minute) if the actual encountered
fingerprint does not match or every 30 minutes (to clear out
old entries).