tls: improve record checks

tls: improve record checks

Improve unknown record handling. Inspired by Wireshark 'unknown record'
handling, we take a best effort approach for records with unknown content
types in TLS versions 1.0, 1.1 and 1.2.

Improve record length check and set 'invalid_record_length' event instead
of 'invalid_tls_header'.

(cherry picked from commit 69be41b241bc7fd1a5b7f3988b51f5859ab27d57)