In order to authenticate and communicate using client-certificate authentication with Azure Web Apps, TLS session renegotiation must be enabled. When failing to do so, reading from the socket after sending the initial HTTP request will fail with `OSError: [Errno -80] MBEDTLS_ERR_NET_CONN_RESET`.

This pull request adds a parameter to `ssl.wrap_socket()` called `allow_renegotiation`. This is disabled by default as per current implementation, but can be enabled by setting it to `True`.
Lacking official documentation on the inner workings, some speculation on what might be happening:

- Azure Web App supports enabling client-certificates, but also supports excluding the requirement for specific paths.
- A front-end load-balancer accepts the connection with any certificate and reads the request, in order to read the requested path.
- The load-balancer passes the connection on to the application, possibly removing itself as a man-in-the-middle. This might prompt the requirement for renegotiation. The client-certificate is passed as a header in the request from the load-balancer to the application (`X-ARR-ClientCert`).
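As an added illustration (not code from this pull request or from MicroPython itself), the following shows how a client would use the new parameter when talking to an endpoint that requires renegotiation. It assumes a MicroPython build that includes `allow_renegotiation`, and that `ssl.wrap_socket()` accepts the client certificate and key as `cert=` and `key=` keyword arguments (the exact keyword names vary between MicroPython versions). The host, path and certificate contents are placeholders; `build_request()`, `parse_status_line()` and `fetch_with_client_cert()` are helper names chosen here.

```python
import socket
import ssl

# Added example: a minimal HTTPS client using the allow_renegotiation parameter
# described in this pull request. Host, path and certificate material are placeholders.


def build_request(host, path):
    """Return a minimal HTTP/1.1 GET request as bytes."""
    return (
        "GET {} HTTP/1.1\r\n"
        "Host: {}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).format(path, host).encode()


def parse_status_line(response):
    """Extract (version, status code, reason) from the first line of a raw response."""
    first_line, _, _ = response.partition(b"\r\n")
    parts = first_line.decode().split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError("malformed status line: {!r}".format(first_line))
    version, status = parts[0], int(parts[1])
    reason = parts[2] if len(parts) == 3 else ""
    return version, status, reason


def fetch_with_client_cert(host, path, cert_pem, key_pem, port=443, allow_renegotiation=True):
    """Send one GET over TLS with a client certificate and return the raw response bytes.

    cert_pem / key_pem are the certificate and private key contents (bytes).
    allow_renegotiation=True is what the Azure front-end described above needs;
    with the default (False) the first read after the request fails with
    OSError -80 (MBEDTLS_ERR_NET_CONN_RESET).
    """
    sock = socket.socket()
    sock.connect(socket.getaddrinfo(host, port)[0][-1])
    tls = ssl.wrap_socket(
        sock,
        cert=cert_pem,                 # assumed keyword name, see lead-in
        key=key_pem,                   # assumed keyword name, see lead-in
        server_hostname=host,
        allow_renegotiation=allow_renegotiation,
    )
    try:
        tls.write(build_request(host, path))
        chunks = []
        while True:
            data = tls.read(1024)
            if not data:          # EOF: server closed the connection
                break
            chunks.append(data)
    finally:
        tls.close()
    return b"".join(chunks)


# Usage (not executed on import):
#   raw = fetch_with_client_cert("myapp.azurewebsites.net", "/", CERT_PEM, KEY_PEM)
#   print(parse_status_line(raw))
```

Only `fetch_with_client_cert()` talks to the network; the request builder and status-line parser are separated so the plumbing around the socket can be checked without a live endpoint.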