TlsAcceptCallbacks support for rustls backend

[dpfeifer2]

Support TlsAcceptCallbacks for the rustls backend

Ports the TlsAcceptCallbacks support from upstream #833, excluding the parts flagged in review there: that PR bundles unrelated changes (intentional webpki policy bypass on cert loading, custom ServerCertVerifier support in the connector) which @nojima asked to split into a separate PR (#833 (comment)) for independent security discussion. This PR takes only the callbacks feature.

Changes
• TlsSettings::with_callbacks(cb) now works with rustls (previously returned an error); added set_certificate_chain_file() / set_private_key_file() and set_cert_resolver() for dynamic cert selection
• TlsRef extended from an empty struct to expose post-handshake state.
• handshake_with_callback() passes a populated TlsRef to handshake_complete_callback, matching the OpenSSL/BoringSSL behavior
• Added test_handshake_complete_callback integration test

Deviations from #833
• No webpki bypass: cert/key loading still goes through with_single_cert()
• Test uses the ring provider instead of aws_lc_rs

[dpfeifer2]

Hey @nojima , @johnhurt and @jsulmont , not much seems to have happened regarding #833 for a while. I would like to get the TlsAcceptCallbacks support for rustls. Given the change of #833 seems to have already been reviewed is there any chance we can get this PR merged (with the proposed split to leave out any unrelated changes from #833). Would appreciate it! Let me know if you have further comments I should address on this PR.
CC @stepancheg fyi