crypto/tls: Vet interaction between ECH and PSK

[cjpatton]

We may have a bug in crypto/tls that would be triggered by ECH rejection when the server supports PSK. The bug would cause the handshake to fail. I will investigate soon, unless someone gets there first. The temporary fix should be as simple as disabling ECH+PSK. It's likely that the spec will be changed in a way that allows us to properly patch this problem without a major refactor. See https://github.com/tlswg/draft-ietf-tls-esni/issues/399.

[cjpatton]

This will be fixed in draft 11 by https://github.com/tlswg/draft-ietf-tls-esni/pull/420.