This function was supposed to implement a half-duplex mode for our
TLS connections.  However, nothing in Tor actually uses it (besides
some unit tests), and the implementation looks really questionable
to me.  It's probably best to remove it.  We can add a tested one
later if we need one in the future.

This is enough to get a chutney network to bootstrap, though a bunch
of work remains.

7 unit tests are failing at this point, but they're all TLS-related.

I'll need this for debugging.

This ensures that our test failure messages actually tell us what
strings Tor was expecting.  I will need this to debug some test
failures.

This was a gap that we left in the last commit.

We used to link both libraries at once, but now that I'm working on
TLS, there's nothing left to keep OpenSSL around for when NSS is
enabled.

Note that this patch causes a couple of places that still assumed
OpenSSL to be disabled when NSS is enabled
   - tor-gencert
   - pbkdf2

Also, add a stubbed-out nss version of the modules.  The tests won't
pass with NSS yet since the NSS modules don't do anything.

This is a good patch to read with --color-moved.

This cleans up a lot of junk from crypto_rsa_openssl, and will
save us duplicated code in crypto_rsa_nss (when it exists).

(Actually, it already exists, but I am going to use git rebase so
that this commit precedes the creation of crypto_rsa_nss.)

These functions exist only to expose RSA keys to other places in Tor
that use OpenSSL; let's be specific about their purpose.

It is not nice to expose a private key's contents without having the
function name advertise the fact.  Fortunately, we weren't misusing
these yet.

(We do this unconditionally, since we still need it for tortls.c)

Notably, there's a test to make sure that it round-trips with
OpenSSL, if OpenSSL is enabled.

We only ever need this to get us a DH ephemeral key object,
so make a function that does just that.