bug: eventsource fails to reject self-signed certs if non-empty options are provided

[evanshortiss]

I stumbled across this issue when I tried to understand why NODE_TLS_REJECT_UNAUTHORIZED didn't work with this library.

The following code will work as expected, and reject a self-signed TLS certificate.

const es = new EventSource('https://self-signed.com')

However, the following code will connect to the self-signed certificate:

const es = new EventSource('https://self-signed.com', {})

This appears to be an unexpected, and undesirable behaviour. Let me know if I've misunderstood. I'll open a PR in the meantime :)