Document potential footgun with GTlsCertificateFlags and deprecate certain usages

Once upon a time, we tried to return all possible certificate errors, but it never actually worked reliably and nowadays we have given up. This needs to be documented because a reasonable developer would not expect it.

Because mistakes could be security-critical, I decided to copy the same warning in several different places rather than relying only on cross-referencese.

Also, deprecate GTlsClientConnection:validation-flags, GSocketClient:tls-validation-flags, and associated getters/setters.