~mcf/libtls-bearssl

Define _GNU_SOURCE instead of _DEFAULT_SOURCE

We also need [v]asprintf for tls.c, and glibc doesn't declare these
functions without _GNU_SOURCE.

Issue reported by Issam E. Maghni.
tls_config: Include strings.h for strcasecmp
Clean libtls.pc
Add pkg-config file
Merge branch 'upstream'
Import libtls from LibreSSL 3.1.0
Treat write_cb() == 0 as an error

Otherwise, we'll end up infinite looping when trying to write a
record.

ffmpeg will return 0 if the connection is interrupted via the AVIO
interrupt callback, triggering this behavior.
Remove trailing whitespace
Remove tls_ssl_error

This was the wrong place to check for BearSSL engine errors, and
EOF handling is only needed for the read callback.
Make tls_write save buffered length, and attempt to write the full record
Fix a few more issues with I/O functions

- tls_write should return -1 when it called read_cb and that returned
  EOF.
- tls_close does not need to manually discard application data after
  br_ssl_engine_close, BearSSL does this automatically.
- Reinstate TLS_SSL_IN_SHUTDOWN, since we don't want to read or
  write records if a handshake was never started.
- tls_write should not return 0 or TLS_WANT_POLLIN if the data was
  successfully buffered, but could not be fully written. Actually,
  it look like tls_write should not return a positive value unless
  it completed wrote the application data record, but that's a task
  for a future commit.
Fix tls_handshake return value
Fix some issues with EOF and connection shutdown
Rework bearssl_parse_ciphers

Now it supports prefixes like '+', '-', and '!', and keeps track
of the order of unavailable ciphers.
tls_peer_cert_subject now works
Retrieve certificate subject string
Detect when we are decoding a secret key object
Don't check exponent when sanity checking public/private key

Checking the modulus alone is enough to check that the key and
certificate are compatible, and BearSSL isn't able to compute the
public exponent for RSA private keys with p and q that are not 3
mod 4.
Allow key files to contain other PEM objects as well
Set error message when we couldn't parse the cipher list
Next