Refactor TLS, add TLS server

[clickingbuttons]

Blockers:

• Need RSA signature signing (std.crypto: Add public RSA module #19776). Key generation would be convenient for testing and users.
• Strongly prefer DER parser upgrade for parsing more Certificate fields (std.crypto: Add ASN1 module with OIDs and DER #19976).

Bugfixes:

• Account for trailing padding before inner message type after decrypting ciphertext
• Greatly simplified reading logic, no more index out of bounds when reading (fixes zig build: panic while downloading package #15590, fixes Sporadic 'index out of bounds' panic in tls client #15226, fixes intermittent TlsConnectionTruncated #14573, and fixes x86_64 backend cant make HTTPS requests #18126). This is at the cost of every TLS read @memcpying, which will be benchmarked and potentially optimized.
• Support spec's 2^24-1 size certificates with an allocator (sorry, gotta do it for the spec...)
• Send alerts (fixes std.crypto.tls.Client: send an alert message to the server when an error occurs #14167)
• Handle fragmentation when reading and writing

Features:

• Add TLS server (closes add std.crypto.tls.Server #14171)
• Only buffer a single message at a time (cost: MultiHash triple hashing first Handshake message)
• Less RAM usage when handshaking (only single message is buffered) and reading application data (ciphertext, plaintext, and various stack buffers replaced with single fragment buffer)
• Pass null for Client ca_bundle to skip Certificate validation.
• Support SSLKEYLOGFILE
• Convenient encoding and decoding for TLS implementers

Tests:

• Client and server messages byte by byte. Bootstrapped from xargs and bytebybyte.
• Every supported cipher suite, group, and signature algorithm between server and client
• Fragmentation

Even without a coverage report, I can confidently say this closes #14174

TODO:

• Server state machine + curl test
• KeyShare kyber read
• StreamInterface readv instead of readAll
• Review implementation pitfalls
• Top 100 sites (closes test std lib TLS implementation against many real world servers #14172)
  • Client TLS 1.2 support
• Top clients (chrome, curl, wget, python)
• Send key update on overflow
• Server key update support
• Proper HelloRetryRequest support in server
• Add kyber without increasing struct sizes from 256 bytes to 13Kb (possibly use HelloRetryRequest?)

Performance TODO:

• support 0-RTT (one roundtrip will likely save more than any other optimization and works great for idempotent requests like HTTP get)
• benchmark handshake time + application data throughput
• store multiple fragments in buffer for less syscalls
• streaming crypto decrypt to avoid memcpy
• store handshake_cipher somewhere temporary
• investigate basic http (not TLS) app is unreasonably big #17051
• remove debug printing

https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility

[VisenDev]

This will be really nice if TLS 1.2 will finally be supported!

[clickingbuttons]

This branch isn't abandoned. I've made a PR with DateTime added, am working on a crypto PR (adding a DER parser and RSA functions), and then finally will base this PR on those.

[clickingbuttons]

DateTime PR #19549 was rejected, will fixup current implementation instead.

Currently blocked on #19976 and #19986.

[andrewrk]

No update for 30+ days, still a draft.