[Mono.Security]: Add the new certificate store.

[Mono.Security]: Add the new certificate store.

BTLS uses a different format and naming scheme for the local certificate store.

Before using BTLS for the first time on desktop, you need to convert the local
certificate store by either using the new `btls-cert-sync` tool (which will convert
your existing certificate store to the new new format) or `cert-sync` with the
`--btls` argument.

The new format and naming scheme is identically to what you'll find in
'/system/etc/security/cacerts/' on an Android device.  It stores the certificates
in PEM format (with a human-readable text section added) using filenames which
are based on the certificate's subject name hash.

Previously, Mono stored the certificates in binary DER format, using a filename
based on either the Subject-Key-Identifier (if available) or the thumbprint.

We cannot access this from BTLS because computing these filenames requires
reading the entire X509 certificate (including the X509v3 extensions), but
their native lookup code only gives us the SubjectName.

This transitioning won't affect Android users as we're using the system
certificate store (including the user certificate store, via a Java callback).

* Mono.Security.X509.X509Store and X509Stores:
  Support both the old and the new format.  Using the new format requires BTLS.

* Mono.Security.X509.X509StoreManager:
  Add `NewCurrentUserPath` and `NewLocalMachinePath` properties for the
  new path names (~/.config/.mono/new-certs).

* Mono.Security.X509.X509StoreManager:
  Add `NewCurrentUser` and `NewLocalMachine` properties.  Requires BTLS.

* tools/security/cert-sync:
  Add new `--btls` argument to use the new store.