Re-work TLS to match OpenSSL's style

[rengolin]

After #3361 and #3394, there's only an OpenSSL implementation of TLS in CCF. However, because we have MbedTLS as the previous implementation, and we wanted to play safe on the migration, we emulated their style with OpenSSL to match.

Now that MbedTLS is completely removed from the tree, we can finally look at the TLS implementation (including the TLS endpoint) and adapt it to match the OpenSSL style, and consequently reduce the complexity of the code, increasing manitainability.

Things to look out for:

• The callback was the only way MbedTLS could operate, but OpenSSL can use BIOs, so we should change the endpoint's handlers to match.
• OpenSSL returns success and error code separately, so we should remove the "negative return hack".
• Wants read/write and other non-errors are being used in the return value and we need to check it on every read. We should just use the return value of the read/write and check for status/errors on the caller.
• Make sure we still need the certificate to be null-terminated. If not, there's a bunch of logic we can clean up.

I'm sure there are more, these are just the bigger ones.

[wintersteiger]

Null byte from PEM removal: https://github.com/microsoft/CCF/pull/3885.