eap-tls: Fix server implementation with TLS 1.2 and earlier

eap-tls: Fix server implementation with TLS 1.2 and earlier

With 5401a74d3608 ("eap-tls: Add support for TLS 1.3") a TLS application
was added to implement TLS 1.3's protected success indication.  For
earlier TLS versions, its build() method simply returned SUCCESS as
there was nothing to send.  However, that had the unintended side-effect
of also not sending the final TLS handshake messages (ChangeCipherSpec
and Finished).

The reason is that the TLS stack first checks for remaining handshake
messages but then also asks the registered application for data to
piggyback to that response (before the commit there was no application,
so that step was skipped).  The problem is that the status returned by
the application is directly forwarded through the TLS stack.  So not
returning INVALID_STATE caused the session to get concluded immediately
instead of resulting in ALREADY_DONE that would trigger sending the
final EAP message instead of an EAP-Success.

Fixes: 5401a74d3608 ("eap-tls: Add support for TLS 1.3")