Add key log callback option to SSLContext

[chrisvest]

Motivation:
Wireshark can decrypt TLS sessions during packet capture, if the session keys (etc.) are available from an SSL key log file. This log file format has become a de facto industry standard, and BoringSSL (and maybe the others too, didn't check) has a callback mechanism for delivering log lines in this format.

Modification:
Add KeyLogCallback interface and an SSLContext.setKeyLogCallback method, which integrators can easily implement the SSLKEYLOGFILE feature, or equivalent, on top of.

Result:
It is now possible to configure netty-tcnative in a way that TLS sessions can be decrypted at packet-capture time by Wireshark, making it easier to investigate and debug problems with TLS.

[chrisvest]

Maybe relevant to your interests as well, @hyperxpro.

[chrisvest]

Not only a de facto standard, but perhaps on its way to becoming a formalized standard as well: https://datatracker.ietf.org/doc/draft-ietf-tls-keylogfile/

[normanmaurer]

Generally speaking looks good. Just two nits.

[hyperxpro]

I will write an example for this and try to couple it with PcapWriteHandler.

[makkarpov]

For now, it seems like there is no public API to access the required context pointer.

long ctx is a protected field in io.netty.handler.ssl.ReferenceCountedOpenSslContext. Deprecated-but-public sslCtxPointer() is not an option, since function expects pointer to tcn_ssl_ctxt_t, not SSL_CTX. Attempt to use it will result in a segfault.

It looks like a reflective access to the private long ctx field is required to actually use this API. Luckily, Netty is an automatic module, and therefore is open by default. So this actually works without any --add-opens in modern JDKs. But still looks like a hack.

But otherwise the API works, thank you for implementing this.