Since one test read in a file, wrote it out, and read it in again, we
have to be careful of whether srcdir == builddir or not. If it doesn't,
then we need to remove the written-out connection file. If it does, then
we don't want to remove that written-out connection file because it's
tracked by SCM. Avoid the whole problem by writing it out to a separate
directory that we can always delete it from.
TLS uses the 'identity' which previously wasn't read. The private key
password should also only be used for PKCS#12 files, becuase they aren't
decrypted when read into the setting.
Private keys also need to be handled differently; PKCS#12 keys are written
out unchanged (ie, still encrypted) with their corresponding private key.
DER keys are stored in the setting unencrypted, so they are re-encrypted
before being written out to disk. But because the private key password
isn't known for DER keys, a random password must be used to re-encrypt
the key.
