Type: Task
Resolution: Won't Do
Priority: Major - P3
Affects Version/s: None
Component/s: None
Server Security
Security 2025-02-17
3
Today, mongoldap tests for TLS connectivity by hooking directly into the system's TLS library (OpenSSL on all Linux distros) to establish a TLS connection with the provided LDAP TLS configuration options. If the TLS handshake fails, it includes the error in the report but does not throw.
This contrasts with mongoldap's behavior when it hits issues in other sections (e.g., LDAP binds), which cause it to hit an assertion failure and subsequently skip the rest of the report.
We should add a new option, assertTLSSucceeds, that defaults to false. When it is set to true, the TLS connectivity check will trigger an assertion failure if it fails for any reason other than a hostname/subject name mismatch. When it is set to false, mongoldap will keep the same behavior as today.
This will be useful to better diagnose TLS-related concerns that manifest with OpenSSL but fly under the radar via OpenLDAP's TLS implementation.
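As an added illustration of the proposed semantics (example code, not mongoldap's own implementation), the check below performs the OpenSSL handshake through Python's ssl module, records the failure in a report entry, and with assert_tls_succeeds=True raises on every failure except a hostname/subject mismatch. The OpenSSL verify code 62 (X509_V_ERR_HOSTNAME_MISMATCH) and the "Hostname mismatch" message text used to recognise that case are assumptions about the OpenSSL build in use.

```python
import socket
import ssl

# Assumed: OpenSSL reports a subject/SAN mismatch as verify code 62
# (X509_V_ERR_HOSTNAME_MISMATCH) with a verify_message starting "Hostname mismatch".
HOSTNAME_MISMATCH_CODE = 62


def classify_failure(exc):
    """Map a handshake/connect exception to a report category."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        code = getattr(exc, "verify_code", None)
        msg = str(getattr(exc, "verify_message", "")).lower()
        if code == HOSTNAME_MISMATCH_CODE or msg.startswith("hostname mismatch"):
            return "hostname_mismatch"
        return "cert_verify_failed"
    if isinstance(exc, ssl.SSLError):
        return "tls_error"          # protocol/cipher/handshake problems
    return "connect_error"          # TCP-level failure, before TLS


def handle_failure(exc, assert_tls_succeeds):
    """Build the report entry; with assert_tls_succeeds, only a hostname
    mismatch is tolerated, everything else becomes an assertion failure."""
    kind = classify_failure(exc)
    entry = {"ok": False, "kind": kind, "error": str(exc)}
    if assert_tls_succeeds and kind != "hostname_mismatch":
        raise AssertionError(f"TLS connectivity check failed ({kind}): {exc}")
    return entry


def report_tls_check(host, port, ca_file=None, assert_tls_succeeds=False, timeout=5.0):
    """Attempt a TLS handshake against the LDAP server's TLS endpoint using
    the system OpenSSL and return a report entry (hypothetical report shape)."""
    ctx = ssl.create_default_context(cafile=ca_file)  # full chain + hostname checks
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return {"ok": True, "protocol": tls.version(), "error": None}
    except OSError as exc:  # ssl.SSLError is an OSError subclass
        return handle_failure(exc, assert_tls_succeeds)
```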