Support using the system cert pool in the TLS config if on go 1.7

[cyli]

Go 1.7 added x509.SystemCertPool().

It'd be nice to support this in the TLS configs instead of the empty cert pool (perhaps optionally?) on go 1.7 builds using a build tag.

Not sure if we should default to the TLS config being an empty cert pool or the system cert pool - should there be an extra option in the config options?