
Set SSL_OP_LEGACY_SERVER_CONNECT when peeking at servers

Open rousskov opened this issue 3 weeks ago • 1 comment

Squid TLS Server Hello parser does not treat legacy servers specially, but enabling legacy server support in OpenSSL allows OpenSSL to advance enough in its Server Hello processing to provide SslBump code with the server certificate (that Squid then validates). Successful certificate validation, in turn, may result in Squid splicing the connection, even if OpenSSL detected other errors:

noteNegotiationError: hold TLS write on FD 15 despite
SQUID_TLS_ERR_CONNECT+TLS_LIB_ERR=2000068+TLS_IO_ERR=1

This change assumes that admins should not expect a peeking Squid to automatically enforce a particular set of handshake conditions (e.g., "no legacy TLS servers"). Peeking is interpreted as "get as much handshake information as possible without breaking things" rather than "automatically validate handshake, even if it risks breaking things". A peeking Squid still validates the received origin certificate (where available). If that assumption is proven wrong, we will need to make the choice configurable.

TODO: When staring, apply tls_outgoing_options.

rousskov, Jun 11 '24 13:06
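Added example (not Squid code, not from the issue author): OpenSSL's SSL_OP_LEGACY_SERVER_CONNECT concerns servers that omit the RFC 5746 renegotiation_info extension (0xff01) from their ServerHello; without the option, OpenSSL aborts such a TLS 1.2-or-earlier handshake before the Certificate message is processed, which is the "advance enough in its Server Hello processing" point the issue makes. The parser below walks a TLS handshake record carrying a ServerHello, extracts its extensions and reports whether the server is "legacy" in that sense. All sample records are constructed inline; the parser, its helper names and the build_server_hello() generator are this example's own, not Squid's Server Hello parser.

```python
"""Parse a TLS ServerHello and flag servers that omit RFC 5746 secure renegotiation.

Added example; not Squid code. Applies to TLS 1.2 and earlier ServerHello
messages (TLS 1.3 has no renegotiation, so the check is moot there).
"""
import struct

HANDSHAKE_RECORD = 0x16      # TLS record content type: handshake
SERVER_HELLO = 2             # handshake message type: ServerHello
RENEGOTIATION_INFO = 0xFF01  # RFC 5746 extension type


class ServerHelloError(ValueError):
    """Raised for anything that is not a well-formed ServerHello record."""


def _take(buf: bytes, pos: int, n: int) -> tuple[bytes, int]:
    """Return buf[pos:pos+n] and the new offset, refusing to read past the end."""
    if pos + n > len(buf):
        raise ServerHelloError(f"need {n} bytes at offset {pos}, have {len(buf) - pos}")
    return buf[pos:pos + n], pos + n


def parse_server_hello(record: bytes) -> dict:
    """Parse one TLS record containing a ServerHello; return fields and extensions."""
    hdr, pos = _take(record, 0, 5)                     # type(1) version(2) length(2)
    if hdr[0] != HANDSHAKE_RECORD:
        raise ServerHelloError("not a handshake record")
    rec_len = struct.unpack("!H", hdr[3:5])[0]
    body, _ = _take(record, pos, rec_len)              # exactly one handshake message

    hs_hdr, pos = _take(body, 0, 4)                    # msg_type(1) length(3)
    if hs_hdr[0] != SERVER_HELLO:
        raise ServerHelloError("not a ServerHello")
    hs_len = int.from_bytes(hs_hdr[1:4], "big")
    hello, _ = _take(body, pos, hs_len)

    pos = 0
    version, pos = _take(hello, pos, 2)
    _random, pos = _take(hello, pos, 32)
    sid_len, pos = _take(hello, pos, 1)
    session_id, pos = _take(hello, pos, sid_len[0])
    cipher, pos = _take(hello, pos, 2)
    compression, pos = _take(hello, pos, 1)

    # The extensions block is optional: old servers simply end the message here.
    extensions: dict[int, bytes] = {}
    if pos < len(hello):
        ext_len_b, pos = _take(hello, pos, 2)
        ext_block, pos = _take(hello, pos, struct.unpack("!H", ext_len_b)[0])
        if pos != len(hello):
            raise ServerHelloError("trailing bytes after extensions")
        epos = 0
        while epos < len(ext_block):
            ehdr, epos = _take(ext_block, epos, 4)     # ext_type(2) ext_len(2)
            etype, elen = struct.unpack("!HH", ehdr)
            edata, epos = _take(ext_block, epos, elen)
            if etype in extensions:
                raise ServerHelloError(f"duplicate extension 0x{etype:04x}")
            extensions[etype] = edata

    return {
        "version": struct.unpack("!H", version)[0],
        "session_id": session_id,
        "cipher_suite": struct.unpack("!H", cipher)[0],
        "compression": compression[0],
        "extensions": extensions,
        # A server that supports RFC 5746 always echoes renegotiation_info.
        "secure_renegotiation": RENEGOTIATION_INFO in extensions,
    }


def is_legacy_server(record: bytes) -> bool:
    """True when the ServerHello lacks renegotiation_info (the OpenSSL "legacy" case)."""
    return not parse_server_hello(record)["secure_renegotiation"]


def build_server_hello(extensions) -> bytes:
    """Construct a TLS 1.2 ServerHello record for testing (hypothetical sample data)."""
    body = struct.pack("!H", 0x0303) + bytes(32) + b"\x00"   # version, random, empty session id
    body += struct.pack("!H", 0xC02F) + b"\x00"              # cipher suite, null compression
    if extensions is not None:
        ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext)) + ext
    hs = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE_RECORD]) + struct.pack("!H", 0x0303) + struct.pack("!H", len(hs)) + hs


# Constructed samples: initial-handshake renegotiation_info carries a zero-length value.
MODERN_SERVER_HELLO = build_server_hello([(RENEGOTIATION_INFO, b"\x00")])
LEGACY_SERVER_HELLO = build_server_hello(None)

if __name__ == "__main__":
    for name, rec in (("modern", MODERN_SERVER_HELLO), ("legacy", LEGACY_SERVER_HELLO)):
        print(name, "legacy server" if is_legacy_server(rec) else "secure renegotiation advertised")
```

A peeking proxy that wants to follow the issue's policy ("get as much handshake information as possible without breaking things") would record the is_legacy_server() result for logging or ACL use but keep reading the Certificate message rather than tearing the connection down at this point.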