Support TLS 1.3 post-handshake authentication
glib-networking will require some changes to support TLS 1.3 post-handshake authentication, as described at Nikos's blog:
TLS 1.2 provided a combined re-authentication and re-key mechanism under the re-handshake umbrella. In TLS 1.3 these two mechanisms are disassociated, and replaced by the re-key (to be discussed later) and the post-handshake authentication mechanism. The latter, is a mechanism that can be triggered only by the server, and requests the client to present a certificate. In GnuTLS the implementation relies on a new non-fatal error code which must be handled by the client application. To avoid unintentional side-effects to existing software, this mechanism must be explicitly enabled by the client and the server. That enablement is done by specifying GNUTLS_POST_HANDSHAKE_AUTH as a gnutls_init() flag in both client and server. Once that done, a server can request post-handshake authentication from the client by calling the new API, gnutls_reauth(), and the client should re-act to the GNUTLS_E_REAUTH_REQUEST error code, by calling the same function.