Implement STARTTLS support

The current TLS implementation does not work with servers that require STARTTLS, such as protonmail-bridge. When trying to connect it errors out with

error="tls: first record does not look like a TLS handshake"

The fix is simple, as described in text.

This merge requests adds a new config option to enable STARTTLS (inside TlsOption). When STARTTLS is enabled, it uses the code to connect without TLS, the simple call to Dial and then, if it is successful, calls StartTLS passing the same arguments the DailTLS call does.