Let broker/bridge/probetest acme/autocert use ALPN-01 challenge

As far back as October 2022, we have messages like this in the snowflake-server logs:

2022/10/15 08:58:35 http: TLS handshake error from [scrubbed]: tls: client requested unsupported application protocols ([acme-tls/1])

The ALPN-01 challenge is an alternative to the HTTP-01 challenge we currently use (broker, bridge). To use it, we need to:

https://pkg.go.dev/golang.org/x/crypto@v0.17.0/acme/autocert#Manager.GetCertificate

If GetCertificate is used directly, instead of via Manager.TLSConfig, package users will also have to add acme.ALPNProto to NextProtos for tls-alpn-01, or use HTTPHandler for http-01.

Probably the easiest way to do it is to call Manager.TLSConfig, which "creates a new TLS config suitable for net/http.Server servers, supporting HTTP/2 and the tls-alpn-01 ACME challenge type". Currently, we use a manually created &tls.Config in the broker and in probetest, and we use the tls.Config created by http2.ConfigureServer in the server (which configures HTTP/2 but not the necessary ALPN string).