port certificate pinning API to trust policy
This is a continuation from: https://bugzilla.gnome.org/show_bug.cgi?id=791401#c12
Currently the GcrTrust API uses trust assertions model to store certificate trust information. It would be nice to switch to using trust policy instead.
Then we could replace gnome-keyring-pkcs11.so with p11-kit's "User Trust" store.