bonsaidb
Enable replacing TLS certificates while executing
Without interrupting established connections, it should be possible to replace TLS certificates on the fly.
The practical use case for this is short-lived certificates such as Let's Encrypt needing to be rotated. While short-lived is still a long period of time, it's an often-enough occurrence that we should support a way to "reload" configuration without restarting.
Blocked by:
- khonsulabs/fabruic#27
@dAxpeDDa before I do this the "dumb" way by simply stopping the old socket and starting a new one, I wanted to ask to confirm there's nothing built-in for this for quinn/quic. (Edit: chatted offline, linked new issue in description)