dotnet / runtime

.NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.
https://docs.microsoft.com/dotnet/core/
MIT License

[QUIC] Eliminate peer X509 certificate parsing on Linux #101602

Open rzikm opened 7 months ago

rzikm commented 7 months ago

Originally, MsQuic linked statically to both libssl (forked to add QUIC-supporting APIs) and libcrypto. Because of that it was dangerous to pass raw X509* to applications, because the system-installed libcrypto (where OpenSSL's X.509 code lives) could be a different version and have a different X509 object layout. So currently, the certificates are being serialized to DER or PKCS12 format and parsed again by the application, which delays the handshake by about 1 ms.

Since recent MsQuic versions are compiled to use system-installed libcrypto, it should be possible to exchange raw X509* under these conditions:

To verify these conditions, we need additional API surface in MsQuic (additional global Get-only parameters).
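The detour the issue describes (encode the peer certificate on the MsQuic side, decode it again on the .NET side) can be timed directly. The following is an added example, not code from dotnet/runtime or MsQuic; it uses a constructed self-signed certificate in place of the real peer leaf and assumes .NET 9 or later for `X509CertificateLoader`.

```csharp
using System;
using System.Diagnostics;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertRoundTripCost
{
    // The round trip under discussion: serialize to DER or PKCS12, then parse back.
    // Doing this is what avoids handing an X509* across a libcrypto version boundary.
    static X509Certificate2 Reload(X509Certificate2 cert, X509ContentType format)
    {
        byte[] encoded = cert.Export(format); // Cert => DER, Pkcs12 => PFX (no password here)
        return format == X509ContentType.Pkcs12
            ? X509CertificateLoader.LoadPkcs12(encoded, password: null)
            : X509CertificateLoader.LoadCertificate(encoded);
    }

    // Average wall-clock cost of one encode+decode cycle for the given format.
    static TimeSpan MeasureRoundTrip(X509Certificate2 cert, X509ContentType format, int iterations)
    {
        Reload(cert, format).Dispose(); // warm-up so JIT/first-use cost stays out of the loop
        var sw = Stopwatch.StartNew();
        for (int i = 0; i < iterations; i++)
            Reload(cert, format).Dispose();
        sw.Stop();
        return sw.Elapsed / iterations;
    }

    static void Main()
    {
        // Constructed sample certificate: stands in for the peer's leaf cert in a QUIC handshake.
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=roundtrip-sample", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 peerCert = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));

        const int iterations = 1000;
        TimeSpan der = MeasureRoundTrip(peerCert, X509ContentType.Cert, iterations);
        TimeSpan pfx = MeasureRoundTrip(peerCert, X509ContentType.Pkcs12, iterations);

        Console.WriteLine($"DER    round trip: {der.TotalMicroseconds:F1} us");
        Console.WriteLine($"PKCS12 round trip: {pfx.TotalMicroseconds:F1} us");
    }
}
```

The DER figure is the per-handshake cost the issue is weighing against the safety of the serialization step; PKCS12 is typically noticeably more expensive because it carries the private key and PBE wrapping.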

dotnet-policy-service[bot] commented 7 months ago

Tagging subscribers to this area: @dotnet/ncl See info in area-owners.md if you want to be subscribed.

rzikm commented 7 months ago

Scratch that, I must have miscounted decimal digits, the impact is an order of magnitude lower than I assumed (on the order of ms). Updated description. This makes it low priority.