Refactor use of SSL context objects

[wintersteiger]

From #3449. We should refactor the use of SSL and SSL_CTX in tls/context.h. An SSL inherits options (e.g. for certificate verification) from the SSL_CTX. Since we will have different endorsement types for multiple interfaces soon (#3450), it may be more natural to keep a whole SSL_CTX for each connection.

@rengolin says:

In our use case, it doesn't matter because we always create both on a new connection. The easy solution is to ignore CTX and configure only SSL. This would still keep the format as we have today.

But we can also have a more persistent CTX and only create a new SSL for each connection. In that case, we'd need to split Context from Connection and only have send and recv on the latter.

I don't know what's the overhead of setting up, but I'd guess creating a new SSL from an existing (and already configured) CTX would be almost a copy construction.

The downside is that, if we have different types of connections (with and without verification, different certificates), then the persistent CTX needs to be a list of them, not just one, and we'd need a way to choose between them.