CVE-2013-0240: Do not allow invalid SSL certificates

None of the branded providers (eg., Google, Facebook and Windows Live)
should ever have an invalid certificate; and in this version of GOA,
that's all we have. So set "ssl-strict" on the SoupSession object
being used by GoaWebView.

Reviewed-by: Debarshi Ray <debarshir@gnome.org>
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=693214