gnutls: Build the certificate chain recursively instead of using a loop

We are currently checking every certificate in the chain and also
looking for an issuer in the database for the last certificate of the
chain. Now build_certificate_chain is called recursively so that for all
issuers that fail, we also try to find an issuer in the database,
instead of just for the last one. Pinned certificates are now handled by
the caller since they are done only once for the first certificate.
This fixes the case of fbcdn-dragon-a.akamaihd.net for which all the
certificates in the chain are not anchored, but we can find an issuer in
the database for the second certificate that is anchored.

https://bugzilla.gnome.org/show_bug.cgi?id=750457