TLS 1.3 server: Add parsing of the End of Early Data message #6339

Closed
2 tasks
ronald-cron-arm opened this issue Sep 26, 2022 · 0 comments · Fixed by #7058
ronald-cron-arm commented Sep 26, 2022

This issue tracks the up-streaming on server side of the parsing of the End of Early Data message.

Source: https://github.com/hannestschofenig/mbedtls/tree/tls13-prototype

PLEASE READ THOROUGHLY section 4.5 of the specification

  • Add MBEDTLS_SSL_END_OF_EARLY_DATA state and its handler. The server transitions unconditionally from the MBEDTLS_SSL_SERVER_FINISHED state to the MBEDTLS_SSL_END_OF_EARLY_DATA state. Then if ssl->handshake->early_data == MBEDTLS_SSL_EARLY_DATA_OFF, the state should be skipped (coordinate function). From MBEDTLS_SSL_END_OF_EARLY_DATA the client transitions conditionally to MBEDTLS_SSL_CLIENT_CERTIFICATE or MBEDTLS_SSL_CLIENT_FINISHED depending on the value of ssl->handshake->certificate_request_sent as currently done in ssl_tls13_write_server_finished().
  • Move the switch to the handshake transform for inbound data to the post-processing of the MBEDTLS_SSL_END_OF_EARLY_DATA state.

Testing:
Test (ssl-opt.sh test) with a GnuTLS client (not possible with an OpenSSL client, I think) a resumption handshake with the ClientHello and the EncryptedExtensions containing an early data indication extension and the server receiving an End of Early Data message. I expect the handshake to run successfully at that point without any early data being exchanged, but I may be missing something.

Depends on #6331, #6338
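The following is an added example, not part of the issue and not Mbed TLS code: a minimal C model of the transitions the issue describes, showing that the inbound keys change only after End of Early Data has been handled. All `demo_`, `ST_` and `TR_` names are hypothetical, and the model assumes the post-processing step runs whether the message was parsed or the state was skipped.

```c
#include <stddef.h>
#include <stdint.h>

/* Model only: names below are hypothetical, not Mbed TLS identifiers. */
enum demo_state { ST_SERVER_FINISHED, ST_END_OF_EARLY_DATA,
                  ST_CLIENT_CERTIFICATE, ST_CLIENT_FINISHED };
enum demo_transform { TR_EARLY_DATA, TR_HANDSHAKE };

struct demo_server {
    enum demo_state state;
    enum demo_transform inbound;   /* keys used to decrypt client records */
    int early_data_on;             /* stands in for handshake->early_data */
    int certificate_request_sent;
};

#define HS_END_OF_EARLY_DATA 5     /* HandshakeType end_of_early_data, RFC 8446 */

/* EndOfEarlyData is an empty struct: 4-byte handshake header, length 0. */
static int demo_parse_eoed(const uint8_t *msg, size_t len)
{
    if (len != 4 || msg[0] != HS_END_OF_EARLY_DATA)
        return -1;
    return (msg[1] | msg[2] | msg[3]) == 0 ? 0 : -1;
}

/* One step of the server state machine; msg is the decrypted inbound
 * handshake message, consulted only when the state is not skipped. */
int demo_step(struct demo_server *s, const uint8_t *msg, size_t len)
{
    switch (s->state) {
    case ST_SERVER_FINISHED:
        s->state = ST_END_OF_EARLY_DATA;          /* unconditional */
        return 0;
    case ST_END_OF_EARLY_DATA:
        /* Coordinate: skip parsing when early data is off. */
        if (s->early_data_on && demo_parse_eoed(msg, len) != 0)
            return -1;                            /* stay in state, keep keys */
        /* Post-processing: only now switch the inbound keys. */
        s->inbound = TR_HANDSHAKE;
        s->state = s->certificate_request_sent ? ST_CLIENT_CERTIFICATE
                                               : ST_CLIENT_FINISHED;
        return 0;
    default:
        return -1;
    }
}
```
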

Projects
Status: [3.6] TLS 1.3 early data