Closed hannesm closed 3 years ago
/cc @cfcs if you're interested. I'm not yet sure whether adding "tls" as a hard dependency to dns-client is good, but the alternative (more opam packages) doesn't feel good either. Eventually a tls build-time dependency is fine, and the compiler should be smart enough (with link-time optimization -- https://github.com/ocaml/ocaml/pull/608) at some point to remove the code at link time.
mostly a proof of concept here, but:
what is left to be done: provide command-line arguments for authenticator (trust anchors, public key (or cert) fingerprints, eventually hostname) -- eventually there should be a post-resolving authentication with dnssec, and dane (see https://datatracker.ietf.org/doc/html/rfc8310#section-6 for details)
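The two pieces the comment above asks a DNS-over-TLS client to get right are the RFC 7858 wire framing and an authenticator chosen from the RFC 8310 options (trust anchors with hostname validation, or a certificate fingerprint pin). The following is an added example and is not code from this PR or from ocaml-dns/ocaml-tls; it is written against the Python standard library rather than OCaml so it runs without the project's libraries. The function names, the `odns`-style `trust_anchors`/`pin` parameters and the DER sample bytes in the usage note are constructed for illustration.

```python
"""Added example (not part of the ocaml-dns PR): RFC 7858 framing plus an
RFC 8310-style authenticator for a DNS-over-TLS client.  Names and sample
bytes are constructed for illustration."""
import hashlib
import hmac
import socket
import ssl
import struct
from typing import List, Optional, Tuple


# RFC 7858 section 3.3 reuses the TCP framing of RFC 1035 section 4.2.2:
# every DNS message is prefixed with a two-octet big-endian length.
def frame(msg: bytes) -> bytes:
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message exceeds 65535 octets")
    return struct.pack("!H", len(msg)) + msg


def unframe(buf: bytes) -> Tuple[List[bytes], bytes]:
    """Split one TLS read into complete DNS messages plus leftover bytes.

    A single read may hold several pipelined responses or only part of one,
    so the client loops on the length prefix instead of assuming one
    message per read."""
    msgs: List[bytes] = []
    while len(buf) >= 2:
        (n,) = struct.unpack("!H", buf[:2])
        if len(buf) < 2 + n:
            break
        msgs.append(buf[2:2 + n])
        buf = buf[2 + n:]
    return msgs, buf


def cert_fingerprint_sha256(der: bytes) -> str:
    """Hex SHA-256 over the DER-encoded certificate (the usual cert pin)."""
    return hashlib.sha256(der).hexdigest()


def pin_matches(der: bytes, expected_hex: str) -> bool:
    """Constant-time comparison of the presented cert against a configured pin.

    Accepts the colon-separated form ("AB:CD:...") as well as bare hex."""
    expected = expected_hex.replace(":", "").lower()
    return hmac.compare_digest(cert_fingerprint_sha256(der), expected)


def make_context(trust_anchors: Optional[str], pin: Optional[str]) -> ssl.SSLContext:
    """RFC 8310 strict privacy profile: authenticate either via a trust-anchor
    file (PKIX chain + hostname check) or via a fingerprint pin that query()
    checks after the handshake.  Opportunistic (unauthenticated) mode is
    deliberately not offered."""
    if trust_anchors is None and pin is None:
        raise ValueError("refusing unauthenticated DNS-over-TLS")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if trust_anchors is not None:
        ctx.load_verify_locations(cafile=trust_anchors)
        ctx.check_hostname = True
        ctx.verify_mode = ssl.CERT_REQUIRED
    else:
        # Pin-only mode: the library validates no chain, so the post-handshake
        # pin check in query() is the sole authentication.  check_hostname
        # must be cleared before verify_mode can be set to CERT_NONE.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def query(host: str, port: int, wire_query: bytes, ctx: ssl.SSLContext,
          pin: Optional[str] = None, server_name: Optional[str] = None) -> bytes:
    """Send one DNS query over TLS (RFC 7858 uses port 853) and return the reply."""
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name or host) as tls:
            if pin is not None:
                der = tls.getpeercert(binary_form=True)
                if der is None or not pin_matches(der, pin):
                    raise ssl.SSLError("server certificate does not match pin")
            tls.sendall(frame(wire_query))
            buf = b""
            while True:
                chunk = tls.recv(4096)
                if not chunk:
                    raise ConnectionError("server closed before a full reply")
                buf += chunk
                msgs, buf = unframe(buf)
                if msgs:
                    return msgs[0]
```

Offline, the framing and pin logic can be exercised with constructed bytes: `frame(b"abc")` yields `b"\x00\x03abc"`, `unframe` returns both complete messages from two concatenated frames and hands back a trailing partial frame untouched, and `pin_matches(der, cert_fingerprint_sha256(der))` is true for any constructed `der` while a wrong pin is rejected. Against a live resolver, `query("9.9.9.9", 853, wire, make_context("/etc/ssl/certs/ca-certificates.crt", None), server_name="dns.quad9.net")` would be the trust-anchor path (hostname and path are assumptions for the example).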
with f6fabea the odns tool supports dns-over-tls, including command line arguments for the various authentication mechanisms.
This was an interesting prototype, but with #269 being merged we need to rework it.
This adds DNS-over-TLS (RFC 7858) to the dns-client. This compiles, but has not been tested (and clients need to be adapted, esp. the TLS authenticator needs to be provided).