Cleanup crypto

Stopping KeepAlive thread could trigger renewing secure channel.
In disconnect() Client sent CloseSessionRequest and
OpenSecureChannel(Renew) almost simultaneously.

It is not used and is equivalent to uacrypto.der_from_x509()

Add minimal example of server with encryption

Also add example certificate and private key

Moved most of the common logic to uaprotocol.SecureConnection class.
Example of server with security enabled:
tools/uaserver --populate --certificate cert.pem --private_key pk.pem

partial subscription race condition fix

otherwise we may not generate notifications!!!

After internal subscription is requested to stop, it may publish result as _sub_loop() is called using call_later(). Double check if subscription is stopped before publishing.

When client creates a subscription, server will send subscription response and publish response in short interval. But client recving thread may call publish callback before client main thread finish registering the subscription id.
Client create/delete sub code is moved to recving thread, so it will executed in sequence.

Fixes

In uaserver, --populate flag was inverted and uaserver didn't work
without --populate (undefined variable myvar).
InternalServer always returned only the first endpoint

Fix authentication by certificate

Support client-side encrypted passwords

Checked on OPC Foundation .net UA server

Use IntEnum where possible instead of simple class

Clean up client's security policy API

Also, move all crypto functions to uacrypto.

Added set_security() and set_security_string() methods to Client.
Removed duplicate server_certificate field, renamed
client_certificate and private_key to user_certificate and user_private_key.