Add option to specify CA-certificate for LDAPS verification

[misterdohl]

Related to #136

I have an internal LDAP/AD server that is the CA for the internal domain, thus not having an "official signed" certificate.

I can disable the certificate check with validate_cert: false (this still needs to be added to the README/documentation i think?), but this comes with security risks.
It would be nice to be able to give a path to the CA to use for verification on LDAPS.
Is this feature still in the pipes?

[ki9us]

ca_certs_file worked for me.
A comment in the sample config said all the values from the TLS object are valid.