Upgrade a JS socket to TLS directly if possible

[mikeshepherd]

This change alters how an upgrade to a TLS Socket is performed on JS runtimes.

Currently there is a lot of machinery to back and forth between native JS and FS2 constructs in order to perform the upgrade. On the client side it currently goes "JS Socket <-> FS2 Socket <-> JS Duplex <-> JS TLS Socket <-> FS2 Socket".

Since JS can perform this upgrade directly we can let it do so when we have access to an underlying JS socket. This results in "JS Socket <-> JS TLS Socket <-> FS2 Socket" instead, with the associated removal of several layers of Queues and Channels involved in the conversions. Note that the non TLS FS2 socket remains as is, it just is no longer involved in the TLS upgrade.

This is related to #3138 as it performs the optimization described there in limited situations that we can access without changing the API.

Will also address one of the issues on #3338 related to use of closed dispatchers in the duplex stream, as we no longer use it.