Handshake changes necessary to negotiate NPN

[maddeleine]

Resolved issues:

Related to #3516

Description of changes:

This pulls some code out of the monster PR: #3545. Essentially I am pulling out the important handshake message changes that need to occur to negotiate NPN. These are:

1. Calculate the verify data when receiving the Finished message to incorporate the Encrypted Extensions message in an NPN handshake.
2. Switch to the secure crypto parameters when sending an Encrypted Extensions message as this is now the first encrypted message.

None of these changes should affect the regular non-NPN handshake.

Call-outs:

I am trying to keep the changes in this PR in sync with #3545 so you can see that these changes let us pass the s2n_self_talk_npn_test. Otherwise I can't really prove that these changes are necessary to successfully negotiate NPN.

Testing:

unit
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[lrstewart]

From offline discussion: it's pretty hard to reason about these changes, because the actions of these messages are now very dependent on message ordering. Which isn't great.

I think we might be able to make this easier to follow with some abstraction. Like, a "start encryption" method that, if the crypto parameters aren't set to conn->secure yet, zeroes the sequence number and sets the crypto parameters to conn->secure. Both npn and the ccs message would call the new method, but wouldn't have to be aware of each other.

[lrstewart]

Just a few nits now. It's sad that pre-renegotiation you'd be saving us a few bytes, because we wouldn't need to store the verify_data anymore :(