Add support for PKCS#11
Adds support for new config options: pkcs11-id and pkcs11-provider, which are then directly forwarded to OpenVPN. `handle_auth` distinguishes PKCS#11 auth requests by the " token" suffix. As other auth options currently supported don't seem to operate with tokens, this should work. Another PKCS#11-specific aspect is forgetting the user-provided password after forwarding it to OpenVPN, as the password being re-asked usually means that the one provided was rejected by the token (PKCS#11 providers are not very good at error reporting, at least not OpenSC).
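
The token handling described above, as an added example in Python that is not code from this commit or its project. It assumes OpenVPN's management interface sends requests of the form `>PASSWORD:Need '<kind>' password`; the `AuthHandler` class, the `ask_user` callback and the sample lines are hypothetical.

```python
import re

# Assumed shape of an OpenVPN management-interface credential request.
NEED_RE = re.compile(r"^>PASSWORD:Need '(?P<kind>.+)' (?P<what>username/password|password)$")
TOKEN_SUFFIX = " token"  # the suffix the commit message keys on

# Constructed sample requests; the token label is made up.
SAMPLE_AUTH = ">PASSWORD:Need 'Auth' username/password"
SAMPLE_TOKEN = ">PASSWORD:Need 'Example Card (User PIN) token' password"


def quote(value):
    """Escape backslashes and double quotes for a quoted management argument."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


class AuthHandler:
    """Hypothetical stand-in for handle_auth; not the project's implementation."""

    def __init__(self, username, password, pin, ask_user):
        self.username, self.password = username, password
        self.pin = pin            # user-provided PKCS#11 PIN, used at most once
        self.ask_user = ask_user  # callback(kind) -> secret, prompts the user

    def handle_auth(self, line):
        """Return the management commands answering one request, or None."""
        m = NEED_RE.match(line.strip())
        if m is None:
            return None
        kind = m["kind"]
        if kind.endswith(TOKEN_SUFFIX):
            # Forward the PIN, then forget it. A second request for the same
            # token usually means the first PIN was rejected, so prompt again
            # instead of replaying the cached value.
            pin, self.pin = self.pin, None
            if pin is None:
                pin = self.ask_user(kind)
            return [f"password {quote(kind)} {quote(pin)}"]
        replies = []
        if m["what"] == "username/password":
            replies.append(f"username {quote(kind)} {quote(self.username)}")
        replies.append(f"password {quote(kind)} {quote(self.password)}")
        return replies  # non-token secrets stay cached for later requests
```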