Complete simplification of key share handling

[hanno-becker]

• Remove mbedtls_ssl_conf_key_shares_curves()
• Remove ssl->conf->key_shares_curve_list
• Introduce a getter ssl_tls13_get_key_share_group() which is used in ClientHello to obtain the ID of the group for which a key share should be generated.
• As a first approximation, define ssl_tls13_get_key_share_group() as returning the first element of ssl->conf->curves.
• As a refinement, add a field offered_key_share_group and a configuration function mbedtls_ssl_conf_tls13_default_group() which allows users to set a different group ID than curves[0] for the initial key share.
• When we finalize support for HRRs requesting different groups, we can then re-set offered_key_share_group to whatever the server prefers, and the next ClientHello will use that.