(PUP-744) Expand scope of OpenSSL rescue block
ff61d011ec8d (Unpublished)

Description

(PUP-744) Expand scope of OpenSSL rescue block

The persistent http connection work introduced a regression,
preventing the agent from displaying useful error messages when SSL
verification fails, e.g. the server's SSL certificate doesn't match
the hostname the agent tried to connect to. The connection_spec test
didn't catch the issue, because those tests execute with the
non-caching pool, which always uses non-persistent connections.

The root cause is that the Connection class assumed http
connections are started by ruby in the Net::HTTP#request
method, so the OpenSSL rescue block wrapped that call.

However, in order to use a persistent http connection, the caller needs
to explicitly start the connection prior to calling Net::HTTP#request,
which happens in the outer Connection#with_connection method.

This commit expands the scope of the rescue block. This way we receive
meaningful error messages if the connection is started explicitly for
persistent connections, or on-demand for non-persistent connections. It
also executes the ssl verification tests using persistent connections.

Also note that with_connection is private, so the fact that
Pool#with_connection or Net::HTTP#request can start the connection
is not visible to users of the Connection class.

Details

Provenance
Josh Cooper <josh@puppetlabs.com> Authored on
vanmeeuwen Pushed on Jun 2 2015, 2:22 PM
Parents
rPU25cb2c4638f9: (maint) Refactor HTTPS verification tests into a shared examples
Branches
Unknown
Tags
Unknown

Event Timeline

Josh Cooper <josh@puppetlabs.com> committed rPUff61d011ec8d: (PUP-744) Expand scope of OpenSSL rescue block (authored by Josh Cooper <josh@puppetlabs.com>). Aug 8 2014, 7:07 PM
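The rescue-scope problem the commit message describes, as an added example that is not Puppet's code and not part of the commit. `FakeHTTP`, `friendly`, `narrow_rescue`, `wide_rescue` and `outcome` are hypothetical names, and the failing handshake is constructed so the block runs offline.

```ruby
require 'openssl'

# Constructed stand-in for Net::HTTP whose TLS handshake always fails
# verification. As in Net::HTTP, #request starts the connection on demand.
class FakeHTTP
  def start
    raise OpenSSL::SSL::SSLError, 'certificate does not match hostname (constructed)'
  end

  def request(_path)
    start # on-demand start for a non-persistent connection
  end
end

# Hypothetical helper that produces the message shown to the user.
def friendly(err)
  "SSL verification failed: #{err.message}"
end

# Rescue wraps only the request call; an explicit start sits outside it.
def narrow_rescue(http, persistent:)
  http.start if persistent
  begin
    http.request('/')
  rescue OpenSSL::SSL::SSLError => e
    friendly(e)
  end
end

# Rescue covers the explicit start as well as the request.
def wide_rescue(http, persistent:)
  http.start if persistent
  http.request('/')
rescue OpenSSL::SSL::SSLError => e
  friendly(e)
end

# Returns the friendly message, or :raw_error if the SSLError escaped.
def outcome(handler, persistent:)
  send(handler, FakeHTTP.new, persistent: persistent)
rescue OpenSSL::SSL::SSLError
  :raw_error
end

[false, true].each do |p|
  puts "persistent=#{p} narrow=#{outcome(:narrow_rescue, persistent: p).inspect}"
  puts "persistent=#{p} wide=#{outcome(:wide_rescue, persistent: p).inspect}"
end
```

With `persistent: false` both handlers produce the same message, which is why a test suite that only exercises non-persistent connections cannot tell them apart.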