dnsdist: Add support for switching certificates based on SNI w/ OpenSSL
We already supported this with GnuTLS, but OpenSSL does not make it
easy: we need to keep a different `SSL_CTX` object for each certificate/key
and change the `SSL_CTX` associated with an incoming connection to
the correct one based on the Server Name Indication from the servername
callback (actually OpenSSL devs advise to use the ClientHello callback
instead when using a recent enough version of OpenSSL, but the
SNI hostname is not available is not available at this point so we
would have to parse it ourselves, which is a terrible idea, and the
drawbacks are not clear. `nginx` has been getting away with it, so
hopefully we will as well).
One additional issue is that we still need to load certificates
for the same name but different key types (RSA vs ECDSA, for example)
in the same `SSL_CTX` context, which makes the code a bit convoluted.