Enhance the security realm plug-in mechanism for client-cert / external verification.

Currently verification is just based on the defined trust store - this is to take it one step further and allow an optional additional verification.

As a first step will need to ensure we have a suitable Callback from the authenticator to the realm to verify the identity and then this can be passed on to the plug-in.