tls: add `allowPartialTrustChain` flag
This commit exposes the X509_V_FLAG_PARTIAL_CHAIN OpenSSL flag to users. This is behavior that has been requested repeatedly in the Github issues, and allows aligning behavior with other TLS libraries and commonly used applications (e.g. curl).
As a drive-by, simplify the SecureContext source by deduplicating call sites at which a new custom certificate store was created for the secureContext in question.