
Add new API for sending early data #234

Open
zhihan opened this issue Apr 26, 2021 · 2 comments
Comments


zhihan commented Apr 26, 2021

At present, the API for the client to send early data is via the config function mbedtls_ssl_conf_early_data(). This would be done before the start of the handshake. This API can be sub-optimal in some use cases. For example, consider a streaming app: if some streaming data becomes available after the handshake has started but before the client receives the server hello, the data can be sent immediately as early data, without waiting for the 1-RTT response from the server. But with the current API, the data must be sent as 1-RTT.

To allow this behavior, we can add a method mbedtls_ssl_write_early_data(), similar to SSL_write_early_data() in OpenSSL [1]. It would have the same signature as mbedtls_ssl_write(). The method sends data as early data and returns with an error if it cannot send early data; for example, if max_early_data_size is reached, the TLS session has not set up a PSK, the handshake has completed, or early data is rejected.

This issue is for sending early data only. We might need to do the same for receiving early data on the server end.

Author

zhihan commented Apr 27, 2021

An alternative to this approach is to make mbedtls_ssl_write() handle early data implicitly. Specifically,

  1. If a session is enabled for early data, perform enough of the handshake to send early data, then send the early data and return.
  2. Otherwise, perform the full handshake and send the data normally.

Since mbedtls_ssl_write() currently already performs the handshake implicitly, this approach could be a better fit.
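To make the two proposals above concrete (the explicit mbedtls_ssl_write_early_data() call from the first comment and the implicit handling inside mbedtls_ssl_write() from this one), here is a small self-contained C model of the client-side decision logic. It is an added illustration, not Mbed TLS code: the context struct, the HS_* states, the ED_ERR_* codes and every model_* function are constructed for this example and do not exist in the library. It shows the failure modes the issue lists (no PSK, handshake already complete, early data rejected, max_early_data_size exhausted) and the streaming-client fallback from 0-RTT to the 1-RTT path.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical model of the proposed mbedtls_ssl_write_early_data() API.
 * Added illustration only: state names, error codes and helpers below are
 * constructed for this example and are not part of Mbed TLS. */

typedef enum {
    HS_NOT_STARTED,        /* where mbedtls_ssl_conf_early_data() would be called */
    HS_CLIENT_HELLO_SENT,  /* 0-RTT window: early data may still be written */
    HS_COMPLETE            /* server Finished processed; only 1-RTT writes now */
} hs_state_t;

typedef struct {
    hs_state_t state;
    int psk_configured;         /* 0-RTT needs a PSK/ticket from a prior session */
    int early_data_enabled;     /* client opted in to early data */
    int early_data_rejected;    /* server answered without accepting early data */
    size_t max_early_data_size; /* limit advertised with the ticket */
    size_t early_data_sent;     /* bytes already sent as 0-RTT */
    size_t normal_sent;         /* bytes sent on the 1-RTT path */
} early_ctx_t;

enum {
    ED_ERR_NO_PSK = -1,         /* no PSK configured: 0-RTT impossible */
    ED_ERR_HANDSHAKE_DONE = -2, /* handshake completed: 0-RTT window closed */
    ED_ERR_REJECTED = -3,       /* server rejected early data */
    ED_ERR_LIMIT_REACHED = -4   /* max_early_data_size exhausted */
};

early_ctx_t model_ctx_new(int psk_configured, int early_data_enabled,
                          size_t max_early_data_size)
{
    early_ctx_t c;
    memset(&c, 0, sizeof c);
    c.state = HS_NOT_STARTED;
    c.psk_configured = psk_configured;
    c.early_data_enabled = early_data_enabled;
    c.max_early_data_size = max_early_data_size;
    return c;
}

/* Model of the proposed call, shaped like mbedtls_ssl_write(): returns the
 * number of bytes accepted (possibly fewer than len, capped by the remaining
 * early-data budget) or a negative error when early data cannot be sent. */
int model_write_early_data(early_ctx_t *c, const unsigned char *buf, size_t len)
{
    (void)buf; /* the model tracks sizes only; nothing is transmitted */
    if (!c->psk_configured || !c->early_data_enabled) return ED_ERR_NO_PSK;
    if (c->state == HS_COMPLETE) return ED_ERR_HANDSHAKE_DONE;
    if (c->early_data_rejected) return ED_ERR_REJECTED;
    /* Implicit handshake start, as proposed for mbedtls_ssl_write():
     * drive the handshake just far enough to put 0-RTT data on the wire. */
    if (c->state == HS_NOT_STARTED) c->state = HS_CLIENT_HELLO_SENT;
    size_t room = c->max_early_data_size - c->early_data_sent;
    if (room == 0) return ED_ERR_LIMIT_REACHED;
    size_t n = len < room ? len : room;
    c->early_data_sent += n;
    return (int)n;
}

/* The server's answer arrived: record whether it accepted the early data. */
void model_server_hello_received(early_ctx_t *c, int accepted)
{
    c->early_data_rejected = !accepted;
}

/* Model of completing the handshake and then doing a normal mbedtls_ssl_write(). */
int model_write(early_ctx_t *c, const unsigned char *buf, size_t len)
{
    (void)buf;
    c->state = HS_COMPLETE;
    c->normal_sent += len;
    return (int)len;
}

/* The streaming-client pattern from the issue: try 0-RTT for each chunk and
 * fall back to the 1-RTT path as soon as early data is unavailable.
 * Returns 1 when the whole chunk went as early data, 0 when any part of it
 * used the normal path. A real client must also resend early data the server
 * discarded on rejection; this model only sends the remainder. */
int model_send_chunk(early_ctx_t *c, const unsigned char *buf, size_t len)
{
    size_t done = 0;
    while (done < len) {
        int r = model_write_early_data(c, buf + done, len - done);
        if (r > 0) { done += (size_t)r; continue; }
        model_write(c, buf + done, len - done);
        return 0;
    }
    return 1;
}
```

The budget check is the part worth copying into any real implementation: a client that keeps writing past max_early_data_size is violating the ticket's terms and the server will close the connection, so the call must cap or refuse rather than silently send.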

Author

zhihan commented Jul 7, 2021

Here is a write-up of the PR and design alternatives: https://docs.google.com/document/d/1h0Uf9ULJA0IgHR2dWhNynatjihQEN5IiFkvmkZD_ikc/edit?usp=sharing
