Clarify certificate verification in Cisco CSD trojan scripts

The desired logic is that:

• When CSD_SHA256 is empty or not set, let cURL verify certificates using the usual default method.
• When a public key is specified in CSD_SHA256, tell cURL to verify server certificates against that public key.

The latter is possible with cURL ≥ 7.39 and options -k --pinnedpubkey. Unfortunately, option --pinnedpubkey is not available in cURL < 7.39, in which case we have to skip certificate verification.

Fixes #483 (closed).