Implement host override of CN checking in the ASIO backend (#832)

* Implement host override of CN checking in the ASIO backend

Add new function calc_cn_host which applies our host header override policy.
Add the CN hostname used to asio_connection. Change the protocol such that the SSL upgrade request needs to come with the target hostname to use.
Replace std::deque in connection pooling with a version that has constant amortized time per insertion. (std::deque is only constant amortized time for insertions in terms of element operations, not overall). Factor out the replacement policy from the overall pool machinery.
Change release() to take shared_ptr&& to make sure the caller has let go.
Enable verify_cert_chain_platform_specific on Windows; otherwise OpenSSL says that the root CAs are untrusted and all SSL tests fail on Windows.
  This accidentially repairs these test cases on Windows:
  **** outside_tests:outside_wikipedia_compressed_http_response FAILED ****
  **** outside_tests:multiple_https_requests FAILED ****
  **** outside_tests:outside_ssl_json FAILED ****

* Add missing std::move.

* Use hot connections instead of cold connections in connection pool.

* Put timer start code back.

* Reset the shared_ptr when it is being dropped.

* Fix end comment broken by merge hell.