Compile with and without _unsecure

• Compile with both options
• Make sure that tests fail with _unsecure and don't
• Check integration tests locally and create potential follow-up issues if README is incomplete

From duplicate #98 (closed)

#84 (closed) suggests that the no-op code is opt-in. We should test our code that TLS actually validates the > certificates by

1. create a minimal http2 server (doesn't even have to implement the GRPC-API, just TLS) and a self-signed > certificate (simulating a MitM attack). Maybe also wrong subject/dns name? Maybe also expired?
2. have the library request the server and fail during TLS handshake due to untrusted cert.

Maybe the test could be one of the package tests which run during packaging?