    Support openconnect_get_connect_url() to fix SNI and authgroup problems · 911151fc
    David Woodhouse authored
    Fixes: #53
    Fixes: #46
    
    A long time back, OpenConnect started returning the IP address when we
    call openconnect_get_hostname(), to ensure that it ends up establishing
    the connection to precisely the same host as it authenticated to. Since
    we passed on the server certificate fingerprint explicitly it didn't
    need to revalidate that anyway.
    
    However, that breaks virtualhost servers which rely on either a Host:
    header or SNI to provide the actual hostname. So where OpenConnect is
    new enough to understand the --resolve argument, use that and go back
    to giving it the *actual* hostname in the connect URL.
    
    Meanwhile, the Pulse protocol started actually caring about the *path*
    for the connection; it's the only one for which the path part of the
    URL actually matters after authentication, and isn't just noise left
    behind by the last form we authenticated to. So for *Pulse* only, add
    the path too.
    
    The next OpenConnect release will have openconnect_get_connect_url()
    and we won't need to do that by hand, but for now we *can* support
    versions going back to v7.07 where the --resolve argument was added,
    so let's do so.
    
    We need to construct the --resolve argument too, and everything we
    need to do that is already available, although it's a bit icky that
    we have to strip the [] from around IPv6 literals.
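The URL and --resolve construction the message describes, written out as an added stand-alone Python sketch that is not the project's own code. It assumes the --resolve syntax is HOST:IP (as in the OpenConnect man page), that versions are compared as (major, minor) tuples with v7.07 as the cutoff, that port is always written explicitly, and that the protocol is identified by the lowercase name "pulse".

```python
import ipaddress


def strip_ipv6_brackets(addr):
    """Return an IPv6 literal without the [] a URL authority wraps it in."""
    if addr.startswith("[") and addr.endswith("]"):
        return addr[1:-1]
    return addr


def host_for_url(host):
    """Bracket a bare IPv6 literal for use in a URL; leave names and IPv4 alone."""
    bare = strip_ipv6_brackets(host)
    try:
        if ipaddress.ip_address(bare).version == 6:
            return "[" + bare + "]"
    except ValueError:
        pass  # not an IP literal at all, i.e. a hostname
    return host


def resolve_arg(hostname, ip):
    """Build --resolve=HOST:IP (assumed syntax) from the bracketed address we hold."""
    bare = strip_ipv6_brackets(ip)
    ipaddress.ip_address(bare)  # raises ValueError if this is not a literal address
    return "--resolve=%s:%s" % (hostname, bare)


def connect_url(protocol, host, port, path):
    """Connect URL: the path only matters for Pulse, for everything else use '/'."""
    if protocol != "pulse":
        path = "/"
    if not path.startswith("/"):
        path = "/" + path
    return "https://%s:%d%s" % (host_for_url(host), port, path)


def connect_args(protocol, hostname, ip, port, path, oc_version):
    """Return (connect_url, extra_argv) for the given OpenConnect version.

    New enough OpenConnect (>= 7.07, assumed tuple form) gets the real hostname in
    the URL plus --resolve so SNI/Host: are right; older versions keep the old
    behaviour of connecting straight to the authenticated IP address.
    """
    if oc_version >= (7, 7):
        return connect_url(protocol, hostname, port, path), [resolve_arg(hostname, ip)]
    return connect_url(protocol, ip, port, path), []
```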