Add an option for stricter OpenVPN ssl/tls+user auth checking
Currently, we don't verify that the common name of the certificate matches the username being used for login. This means that if someone has a valid server certificate, they can then use any valid username/password combination to get into the server. This may be good for some scenarios, but in more strict environments it wouldn't be acceptable.
We should add a checkbox on the OpenVPN server configuration for this scenario to allow users to enable the more strict checks.
The auth-user-pass-verify script we have could read this setting and run the test before querying the backend authentication server.