And use them (when present) as the USER username [1] and server PASS
[2] respectively.  The previous implementation gave no way to set
PASS, which will vary on a per-target-server level.  There's unlikely
to be much need to set per-server usernames, except collision
avoidance (e.g. network X already has an 'irker' user).

I changed the existing IRCServerConnection.connect argument from
'ircname' to 'realname' to match the USER specs and our
IRCServerConnection.user implementation.  The 'realname' and
'username' arguments are currently unset, but you could add command
line options to set irker-wide defaults, and use the kwargs chain to
pass them down to the connect method.  The fallback logic is:

* Prefer the setting listed in the URL (although you'd need to add a
  parser to extract 'realname').  If that's empty or missing, fall
  back to
* The irker-wide default passed down the kwargs chain.  If that's
  empty or missing, fall back to
* Local defaults ('irker' and 'irker relaying client').

I also tweaked the servername and port extraction in
Target.__init__(), because they are already parsed out of the netloc
(along with the username and password) by urlparse().

[1]: https://tools.ietf.org/html/rfc2812#section-3.1.3
[2]: https://tools.ietf.org/html/rfc2812#section-3.1.1

This is pretty basic, just using as much of Python's ssl module as the
host Python implementation supports.  I also added error-level logging
of IRCServerConnectionError instances, to get helpful messages like:

  Invalid SSL/TLS certificate:
  hostname 'localhost' doesn't match 'irc.example.net'

and:

  Couldn't connect to socket: _ssl.c:334: No root certificates
  specified for verification of other-side certificates.

Important milestones in the standard library's ssl module:

* Python 2.5 [1,2]: No ssl module at all
* Python 2.6 [1,2]: ssl module added
* Python 3.2 [3,4]: ssl.SSLContext class added, with
  SSLContext.set_default_verify_paths [4].  ssl.match_hostname is also
  added [5], which can be used with the existing getpeercert [6] to
  ensure the server certificate belongs to the target host.

So for full verification, we need Python 3.2.  We can scrape by with
2.6 and later, by manually supplying a ca_certs path and ignoring
hostname mismatches.  That's more succeptible to man-in-the-middle
attacks, but still better than sending server, nick, and channel
passwords in plaintext.

[1]: http://docs.python.org/2/library/ssl.html
[2]: http://docs.python.org/2/whatsnew/2.6.html#improved-ssl-support
[3]: http://docs.python.org/3/whatsnew/3.2.html#ssl
[4]: http://docs.python.org/3/library/ssl.html#ssl.SSLContext.set_default_verify_paths
[5]: http://docs.python.org/3/library/ssl.html#ssl.match_hostname
[6]: http://docs.python.org/2/library/ssl.html#ssl.SSLSocket.getpeercert

Signed-off-by: Eric S. Raymond <esr@thyrsus.com>

- invalid options should print usage