SslHmacChannelAuthenticator passes in a null one which crashes but the
IsAllowedBadCert check, as well as inconsistent ability to use X509Certificate
in the sandbox masks the issue most of the time.

This also fixes FakeStreamSocket to propogate disconnects to the peer, which is
needed to add a test for this case. (If SSLClientSocket doesn't like a
certificate, it just ceremoniously disconnects the connection right after the
handshake.) This test crashed before this CL outside the sandbox. (Inside the
sandbox, it's possible that it worked on some platforms due to the sandbox
breaking net::X509Certificate. I didn't do a survey.)

BUG=none

Review URL: https://codereview.chromium.org/1080593003

Cr-Commit-Position: refs/heads/master@{#326886}