Remove the warning if the caller gets the insecure variant and add hostname verification (SNI)

For insecure - not doing verifiaction is normal and documented behavior, no need for extra warnings.
When upgrading the socket - we need to set SNI before the handshake, with the other options.

Change-Id: I494ca8e783deb1387dc11e21422d2141a6d5a617