Make namespace checking mode configurable

Motivation:

For HTTP-TPC, the checking of Subject DN makes no sense, as the identity
being asserted by the EEC is the DNS name of the host.

Modification:

Add configation option to allow different checking modes, as supported
by the CaNL library.  The default option, if none specified, is the
existing mode `EUGRIDPMA_AND_GLOBUS_REQUIRE`, providing backwards
compatibility.

Result:

No user or admin visible changes by default.  StoRM-WebDAV now supports
an admin configuring the namespace checking mode via:

    storm:
	tls:
            namespace-checking-mode: IGNORE

Closes: italiangrid#65

src/main/java/org/italiangrid/storm/webdav/config/ServiceConfiguration.java

@@ -57,4 +57,6 @@ public interface ServiceConfiguration {
 
   public String getTlsProtocol();
 
+  public String getNamespaceCheckingMode();
+
 }

src/main/java/org/italiangrid/storm/webdav/config/ServiceConfigurationProperties.java

@@ -19,6 +19,7 @@
 
 import java.net.URI;
 import java.util.List;
+import java.util.Objects;
 
 import javax.validation.Valid;
 import javax.validation.constraints.Max;
@@ -363,6 +364,9 @@ public static class TLSProperties {
     @NotBlank
     String protocol = "TLS";
 
+    @NotBlank
+    String namespaceCheckingMode = "EUGRIDPMA_AND_GLOBUS_REQUIRE";
+
     public String getCertificatePath() {
       return certificatePath;
     }
@@ -426,6 +430,14 @@ public String getProtocol() {
     public void setProtocol(String protocol) {
       this.protocol = protocol;
     }
+
+    public void setNamespaceCheckingMode(String checkingMode) {
+      this.namespaceCheckingMode = Objects.requireNonNull(checkingMode);
+    }
+
+    public String getNamespaceCheckingMode() {
+      return namespaceCheckingMode;
+    }
   }
 
   public static class SaProperties {
@@ -786,6 +798,11 @@ public boolean requireClientCertificateAuthentication() {
     return getTls().isRequireClientCert();
   }
 
+  @Override
+  public String getNamespaceCheckingMode() {
+        return getTls().getNamespaceCheckingMode();
+  }
+
 
   public AuthorizationServerProperties getAuthzServer() {
     return authzServer;

src/main/java/org/italiangrid/storm/webdav/spring/AppConfig.java

@@ -208,7 +208,9 @@ X509CertChainValidatorExt canlCertChainValidator(ServiceConfiguration configurat
     long refreshInterval =
         TimeUnit.SECONDS.toMillis(configuration.getTrustAnchorsRefreshIntervalInSeconds());
 
-    return builder.namespaceChecks(NamespaceCheckingMode.EUGRIDPMA_AND_GLOBUS_REQUIRE)
+    NamespaceCheckingMode checkingMode = NamespaceCheckingMode.valueOf(configuration.getNamespaceCheckingMode());
+
+    return builder.namespaceChecks(checkingMode)
       .crlChecks(CrlCheckingMode.IF_VALID)
       .ocspChecks(OCSPCheckingMode.IGNORE)
       .lazyAnchorsLoading(false)