Support openconnect_get_connect_url() to fix SNI and authgroup problems

David Woodhouse requested to merge sni-resolve-authgroup into master

Fixes: #53 (closed)
Fixes: #46 (closed)

A long time back, OpenConnect started returning the IP address when we call openconnect_get_hostname(), to ensure that it ends up establishing the connection to precisely the same host as it authenticated to. Since we passed on the server certificate fingerprint explicitly, it didn't need to revalidate that anyway.

However, that breaks virtualhost servers which rely on either a Host: header or SNI to provide the actual hostname. So where OpenConnect is new enough to understand the --resolve argument, use that and go back to giving it the actual hostname in the connect URL.

Meanwhile, the Pulse protocol started actually caring about the path for the connection; it's the only one for which the path part of the URL actually matters after authentication, and isn't just noise left behind by the last form we authenticated to. So for Pulse only, add the path too.

The next OpenConnect release will have openconnect_get_connect_url() and we won't need to do that by hand, but for now we can support versions going back to v7.07 where the --resolve argument was added, so let's do so.

We need to construct the --resolve argument too, and everything we need to do that is already available, although it's a bit icky that we have to strip the [] from around IPv6 literals.
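As an added illustration (not the merge request's own code), here is the string handling the description talks about: building the `--resolve HOST:IP` argument while stripping the `[]` around an IPv6 literal, and putting the real hostname in the connect URL with the path appended only for Pulse. The function names, sample hostname and addresses are constructed for the example; an `https://` scheme on the default port is assumed.

```c
/* Added example, not NetworkManager-openconnect code. Inputs are the
 * values the description says are already available: the real hostname
 * the user configured, the IP literal openconnect_get_hostname() returns
 * (bracketed for IPv6), and the path left behind by authentication. */
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Write "HOST:IP" into out for OpenConnect's --resolve argument.
 * OpenConnect splits at the first ':', so an IPv6 literal must be given
 * without the surrounding [] that a URL host component carries.
 * Returns out, or NULL if the buffer is too small. */
char *build_resolve_arg(const char *hostname, const char *ip,
                        char *out, size_t outlen)
{
    size_t iplen = strlen(ip);

    /* Strip the brackets from e.g. "[2001:db8::1]" -> "2001:db8::1" */
    if (iplen >= 2 && ip[0] == '[' && ip[iplen - 1] == ']') {
        ip++;
        iplen -= 2;
    }

    int n = snprintf(out, outlen, "%s:%.*s", hostname, (int)iplen, ip);
    if (n < 0 || (size_t)n >= outlen)
        return NULL;
    return out;
}

/* Build the connect URL: always the real hostname (so SNI and the Host:
 * header name the virtual host), and the path only for Pulse, the one
 * protocol where the path still matters after authentication. */
char *build_connect_url(const char *hostname, const char *path,
                        bool is_pulse, char *out, size_t outlen)
{
    const char *p = "";

    if (is_pulse && path)
        p = (*path == '/') ? path + 1 : path;   /* avoid a doubled slash */

    int n = snprintf(out, outlen, "https://%s/%s", hostname, p);
    if (n < 0 || (size_t)n >= outlen)
        return NULL;
    return out;
}
```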