[TLS 1.3] Test Hybrid Schemes Online

[reneme]

This introduces an online test in test_cli.py that attempts TLS 1.3 handshakes using hybrid PQ/T key exchange schemes against a number of pre-production services. Namely:

• test.openquantumsafe.org
• pq.cloudflareresearch.com, and
• qsc.eu-de.kms.cloud.ibm.com.

To facilitate that, I adapted ./botan tls_client to terminate with a non-zero status code if neither the peer nor us have sent/received a proper close_notify alert. Most notably: Handshake failures now result in a non-zero result code. Also the test_cli() helper method now supports an optional timeout.

The online tests are run only when test_cli.py is launched with --run-online-tests. I did not reconfigure any CI configuration to do that so that we're not dependent on external (beta) services. @randombit Should we have some nightly that runs those tests?

To try, after building the CLI, run this:

src/scripts/test_cli.py --run-online-tests $(pwd)/botan pqc

Closes #3731

[coveralls]

coverage: 91.693% (+0.005%) from 91.688% when pulling 870e008 on tls13/test_hybrid_schemes_online into 30ecb87 on master.

[randombit]

Nice, thanks for digging into this. Nightly run of this seems good enough; I expect otherwise we'll get (more) flaky CI builds due to networking problems. We can do this in a followup.