This change implements handling for the case that a login request
retrieved from Hydra has a pre-defined subject. The login request is
rejected if the requested subject is not part of the presented client
certificate.
- recommend `mkcert` to generate certificates for local development
- change default configuration to use files recommended in README.md
- separate server name and bind address to allow binding to a local address
but publish a different public name
