[0-RTT][RFC] Create new API for sending early data

[jesiegel1]

Description

This PR adds a new API for sending early data, building off the work done in #369.

Background

Currently, to send early data the client application calls mbedtls_ssl_set_early_data() before the handshake begins, with a pointer to the early data buffer. Once set, the early data buffer cannot be changed during the handshake, limiting the client application to a single early data payload and reducing the opportunity to take full advantage of early data.

Consider a streaming app for example, where real-time data is generated simultaneously with the handshake. The new API will support streaming early data throughout the duration of the handshake in accordance with the standard:

Clients are permitted to "stream" 0-RTT data until they receive the server's Finished, only then sending the EndOfEarlyData message, followed by the rest of the handshake.

Status

DRAFT, solicit feedback on design.

Requires Backporting

NO

Additional comments

• Credit to @zhihan for setting the foundation for this work, and @lhuang04 for offering feedback.
• I left the existing early data API untouched for now, anticipating it will eventually be removed. The new API can be enabled thru mbedtls_ssl_conf_early_data().
• This branch is based off [0-RTT] Use trial decryption if server rejects client 0-RTT attempt #386 in order to enable adding tests for the early data rejected case.

Todos

• Tests
• Documentation
• Changelog updated
• Backported

Steps to test or reproduce

ssl-opt.sh -f 'early data'