get_cert_scheme() would return PATH scheme for binary data that
later will be rejected by verify_cert(). Even worse, get_cert_scheme()
would not check whether the path is NUL terminated, hence the following
can crash for an invalid connection:

  if (nm_setting_802_1x_get_ca_cert_scheme (s_8021x) == NM_SETTING_802_1X_CK_SCHEME_PATH)
      g_print ("path: %s", nm_setting_802_1x_get_ca_cert_path (s_8021x))

Combine the two functions so that already get_cert_scheme() does
the same validation as verify_cert().

Also change behavior and be more strict about invalid paths:

 - Now, the value is considered a PATH candidate if it starts with "file://",
   (sans NUL character).
   A change is that before, the "file://" (without NUL) would have
   been treated as BLOB, now it is an invalid PATH (UNKNOWN).

 - If the binary starts with "file://" it is considered as PATH but it
   is only valid, if all the fllowing is true:
   (a) the last character must be NUL.
   (b) there is no other intermediate NUL character.
       Before, an intermediate NUL character would have been accepted
       and the remainder would be ignored.
   (c) there is at least one non-NUL character after "file://".
   (d) the string must be fully valid utf8.

   The conditions (b) and (c) are new and some invalid(?) paths
   might no longer validate.
   Checking (d) moved from verify_cert() to get_cert_scheme().
   As set_cert_prop_helper() already called verify_cert(), this
   causes no additional change beyond (b).