@sebastian-carpenter

Description

Original issue stems from wolfssl-examples/tls/client-ech not working. This issue was a confirmation value mismatch between Cloudflare and our ECH client implementation. The confirmation value is present in the HelloRetryRequest's encrypted_client_hello extension.

  • Confirmation mismatch was resolved by refactoring most of the transcript code for ECH.
    • Managed to remove a transcript hash that seemed unnecessary. (hsHashesEchInner)
    • Merged most of the client and server calculation for ECH transcript into similar functions.
    • Random value only copied into client hello inner once now.
  • Fixed segfault when server does not respond with a confirmation value.
  • Added OuterExtensions extension support to the server to allow testing against openssl s_client (second confirmation that transcript hash is now correct).
    • OuterExtensions will copy extensions from the outer hello into the inner hello.

Addresses github issue #6925

Testing

With ECH enabled OpenSSL:

openssl s_client -connect 127.0.0.1:11111 -servername ech-private-name.com -CAfile ../wolfssl-examples/certs/ca-cert.pem -tls1_3 -ech_config_list AEb+DQBCKwAgACARYidanwtcQUp0EfBd0qll0hpqgXpDlNj+iVAIUO5tDAAEAAEAAQATZWNoLXB1YmxpYy1uYW1lLmNvbQAA

This is run against the wolfssl-examples repo ./tls/server-ech-local example.

Also ran ./tls/client-ech-local against the example server and the updated ./tls/client-ech part of a wolfssl-examples PR (wolfSSL/wolfssl-examples#556).

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation
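As an added illustration (not code from this PR or from wolfSSL), the following decodes the ECHConfigList handed to openssl s_client above, so a reader can check which public_name, KEM and HPKE cipher suite the client will put in the outer ClientHello while -servername ech-private-name.com stays in the encrypted inner hello. The 0xfe0d version constant and the field layout are assumptions about the ECH draft the test uses.

```python
import base64
import struct

# ECHConfigList copied verbatim from the openssl s_client command in the PR description.
ECH_CONFIG_LIST_B64 = ("AEb+DQBCKwAgACARYidanwtcQUp0EfBd0qll0hpqgXpDlNj+iVAIUO5t"
                       "DAAEAAEAAQATZWNoLXB1YmxpYy1uYW1lLmNvbQAA")
ECH_VERSION_DRAFT = 0xFE0D  # ECHConfig.version of the ECH draft (assumption)


def _vec(buf, pos, len_size):
    """Read a TLS length-prefixed vector starting at pos; return (bytes, new_pos)."""
    n = int.from_bytes(buf[pos:pos + len_size], "big")
    pos += len_size
    if pos + n > len(buf):
        raise ValueError("vector runs past end of buffer")
    return buf[pos:pos + n], pos + n


def parse_ech_config_list(b64):
    """Decode an ECHConfigList; one dict per ECHConfig, unknown versions kept opaque."""
    raw = base64.b64decode(b64, validate=True)
    body, end = _vec(raw, 0, 2)
    if end != len(raw):
        raise ValueError("trailing bytes after ECHConfigList")
    configs, pos = [], 0
    while pos < len(body):
        version = int.from_bytes(body[pos:pos + 2], "big")
        contents, pos = _vec(body, pos + 2, 2)
        if version != ECH_VERSION_DRAFT:  # a client must skip versions it does not know
            configs.append({"version": version, "raw": contents})
            continue
        config_id, kem_id = contents[0], int.from_bytes(contents[1:3], "big")
        public_key, p = _vec(contents, 3, 2)
        suites_raw, p = _vec(contents, p, 2)
        if len(suites_raw) % 4:
            raise ValueError("cipher_suites is not a list of (kdf_id, aead_id) pairs")
        suites = [struct.unpack("!HH", suites_raw[i:i + 4]) for i in range(0, len(suites_raw), 4)]
        max_name_len, p = contents[p], p + 1
        public_name, p = _vec(contents, p, 1)   # outer SNI the server sees on the wire
        extensions, p = _vec(contents, p, 2)
        if p != len(contents):
            raise ValueError("trailing bytes inside ECHConfigContents")
        configs.append({"version": version, "config_id": config_id, "kem_id": kem_id,
                        "public_key": public_key, "cipher_suites": suites,
                        "maximum_name_length": max_name_len,
                        "public_name": public_name.decode("ascii"), "extensions": extensions})
    return configs


if __name__ == "__main__":
    for cfg in parse_ech_config_list(ECH_CONFIG_LIST_B64):
        print(cfg)
```

For this list the single config carries kem_id 0x0020 (DHKEM X25519) with KDF 0x0001 and AEAD 0x0001, and public_name ech-public-name.com; any other name in the outer SNI would indicate a client not honouring the config.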
