Support for draft 22

[Lekensteyn]

Current master supports draft 18 only. During the IETF 100 hackathon, partial support was added for "soon-to-be-draft 22" based on the pwu/client branch from #43.

While working on tests for draft22, I have found some issues:

• [x] bogo: assumes draft18 support, fails for instance the FallbackSCSV-VersionMatch-TLS13 test with "Inappropriate fallback" because our server does not recognize the advertised draft 18 version in supported_versions. Requires https://boringssl-review.googlesource.com/c/boringssl/+/23704 integrated into draft22 branch of shim
• [x] boringssl: client requires -tls-variant draft22, but that uses an experimental codepoint (7e04) for supported_version instead of 7f18 (presumably since the draft is not final yet). bogo shim is now updated to use the final draft version
• [x] tstclnt (NSS): fails with "tls: invalid client PSK" tris fix pending, draft 21 added a ticket nonce which changed the PSK calculation
• [ ] picotls client: fails with "ptls_handshake:47" (possibly because we require X25519 while picotls seems to use P256 and sends a HRR which we do not support yet).

Branches:

• tris: pwu/draft22 - draft22 client+server developed during hackathon
• tris: pwu/server-draft22 - attempt to integrate draft22 with the server only (since client support is not merged yet)
• crypto-tls-bogo-shim: https://github.com/FiloSottile/crypto-tls-bogo-shim/tree/draft22 - update with latest bogo code that "supports" draft22 (but with above issue)

[Lekensteyn]

Current master now supports client and server draft 22, minus HRR.