This is a heads-up; I'm going to change corelib/net/socket.c so that it doesn't SSL_CTX_free() in sock_dtor.
The TL;DR is that SSL_CTX's are relatively expensive to create (reading and loading keys, certs) and can be shared between SSL instances, so having the sock unilaterally tear everything down imposes a higher cost on the use of SSL than is needed.
The plan is to simply make the socket.c code agnostic when it comes to SSL_CTX. This means that any code that uses SSL-enabled ph_sock_t's will need to be changed to either create a long-lived SSL_CTX, or to handle the teardown for each session as part of destroying the sock object.
In making this change, I realized that it is still convenient to free this for clients, so I'm making it an option that you can set on the sock; the default is to preserve backwards-compatible behavior.