tlswg / draft-ietf-tls-esni

TLS Encrypted Client Hello
https://tlswg.github.io/draft-ietf-tls-esni/#go.draft-ietf-tls-esni.html

Use ECH payload to distinguish CHI from CHO #422

Closed cjpatton closed 3 years ago

cjpatton commented 3 years ago

Currently we distinguish between CHI and CHO by sending "ech_is_inner" in CHI and "encrypted_client_hello" in CHO. A future change will signal ECH acceptance in HRR using the "encrypted_client_hello" codepoint. This would violate 8446's rule that disallows unsolicited extensions. In preparation for this change, this commit removes the "ech_is_inner" extension and adds a byte to the payload of "encrypted_client_hello" that signals to the server whether the message is CHI or CHO.
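A sketch of the server-side check this change implies, added here as an illustration and not taken from the pull request or the draft: the server reads the leading byte of the "encrypted_client_hello" body to decide whether it holds CHI or CHO. The codepoint `0xFE0D`, the type values 0 (outer) and 1 (inner), and the rule that the inner form carries nothing after the type byte are assumptions borrowed from later draft revisions; the helper names are hypothetical.

```python
import struct

# Assumed values from later ECH draft revisions; this page states none of them.
ECH_EXT = 0xFE0D               # "encrypted_client_hello" codepoint
ECH_OUTER, ECH_INNER = 0, 1    # type byte at the start of the extension body

class ECHError(ValueError):
    """Malformed input; a real server would abort the handshake with an alert."""

def ext(ext_type: int, body: bytes) -> bytes:
    """Encode one extension: 2-byte type, 2-byte length, body."""
    return struct.pack("!HH", ext_type, len(body)) + body

def iter_extensions(block: bytes):
    """Yield (type, body) pairs from a ClientHello extensions block."""
    off = 0
    while off < len(block):
        if len(block) - off < 4:
            raise ECHError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", block, off)
        off += 4
        if len(block) - off < ext_len:
            raise ECHError("truncated extension body")
        yield ext_type, block[off:off + ext_len]
        off += ext_len

def classify_client_hello(block: bytes) -> str:
    """Return 'outer' (CHO), 'inner' (CHI) or 'no-ech' for an extensions block."""
    bodies = [b for t, b in iter_extensions(block) if t == ECH_EXT]
    if not bodies:
        return "no-ech"
    if len(bodies) > 1:
        raise ECHError("duplicate encrypted_client_hello extension")
    body = bodies[0]
    if not body:
        raise ECHError("missing type byte")
    if body[0] == ECH_OUTER:
        if len(body) == 1:
            raise ECHError("outer form without an encrypted payload")
        return "outer"
    if body[0] == ECH_INNER:
        if len(body) != 1:
            raise ECHError("inner form must carry only the type byte")
        return "inner"
    raise ECHError(f"unknown type byte {body[0]}")

if __name__ == "__main__":
    # Constructed sample blocks: a server_name extension plus each ECH form.
    sni = ext(0, b"\x00\x05\x00\x00\x02ab")
    print(classify_client_hello(sni + ext(ECH_EXT, b"\x00" + b"\xaa" * 8)))  # outer
    print(classify_client_hello(sni + ext(ECH_EXT, b"\x01")))                # inner
```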

cjpatton commented 3 years ago

Rebased and squashed.

cjpatton commented 3 years ago

Rebased.