Fun fact: PR_Close leaks memory if its socket is not valid.

The tls_log_errors() function now behaves differently for NSS than
it did for OpenSSL, so we need to tweak it a bit.

This function was supposed to implement a half-duplex mode for our
TLS connections.  However, nothing in Tor actually uses it (besides
some unit tests), and the implementation looks really questionable
to me.  It's probably best to remove it.  We can add a tested one
later if we need one in the future.

This is enough to get a chutney network to bootstrap, though a bunch
of work remains.

7 unit tests are failing at this point, but they're all TLS-related.

We used to link both libraries at once, but now that I'm working on
TLS, there's nothing left to keep OpenSSL around for when NSS is
enabled.

Note that this patch causes a couple of places that still assumed
OpenSSL to be disabled when NSS is enabled
   - tor-gencert
   - pbkdf2

Also, add a stubbed-out nss version of the modules.  The tests won't
pass with NSS yet since the NSS modules don't do anything.

This is a good patch to read with --color-moved.