Conversation

@bellatoris

Commit Message: quic: add session ticket resumption support using configured session ticket keys
Additional Description:

Summary

TLS session resumption is essential for QUIC performance. Without it, every connection requires a full TLS handshake, and 0-RTT becomes meaningless since there's no session state to resume from. As noted in #42682, TLS-related data accounts for roughly 1/3 of bytes during connection establishment - session resumption eliminates most of this overhead.

Currently, Envoy's QUIC implementation does not support session resumption across workers or processes. While users can configure session_ticket_keys or session_ticket_keys_sds_secret_config in downstream TLS context, these settings have no effect on QUIC connections. This limitation is documented in #25418, which explicitly states that session ticket key plumbing is missing from the QUIC implementation.

This PR bridges that gap by enabling QUIC to use the same session ticket keys configured for TCP TLS, allowing session resumption to work across workers and processes.

Implementation

We create a custom EnvoyTlsServerHandshaker that extends QUICHE's TlsServerHandshaker and provides EnvoyProofSourceHandle to pass filter chain context during certificate selection.

Note: QUICHE's DefaultProofSourceHandle is a private nested class inside TlsServerHandshaker, so we cannot extend or reuse it directly. We had to copy the relevant implementation and add our customizations.

Key design decisions:

  1. SSL ex_data for context passing: During SelectCertificate(), we store the filter chain pointer in SSL ex_data. This allows the session ticket callback to retrieve per-connection configuration.

  2. SSL_CTX_set_tlsext_ticket_key_cb over SSL_CTX_set_ticket_aead_method: We use the same callback mechanism as TCP TLS rather than QUICHE's TicketCrypter interface. This allows us to reuse ServerContextImpl::sessionTicketProcess() directly, ensuring identical session ticket handling between TCP and QUIC.

  3. Respect existing configuration: We check disable_stateless_session_resumption, session_ticket_keys, and handles_session_resumption from the transport socket factory and disable tickets accordingly via SSL_OP_NO_TICKET.

Flow

EnvoyTlsServerHandshaker::MaybeCreateProofSourceHandle()
  └─→ EnvoyProofSourceHandle::SelectCertificate()
        └─→ SSL_set_ex_data(ssl, filter_chain)

SSL_CTX_set_tlsext_ticket_key_cb (installed in OnNewSslCtx)
  └─→ SSL_get_ex_data(ssl) → filter_chain
        └─→ QuicServerTransportSocketFactory::sessionTicketProcess()
              └─→ ServerContextImpl::sessionTicketProcess()

Risk Level: Low (behind runtime guard, disabled by default)
Testing: Existing tests, manual verification with QUIC clients
Docs Changes: N/A
Release Notes: Added
Platform Specific Features: N/A
[Optional Runtime guard:] envoy.reloadable_features.quic_session_ticket_support (default: false)
[Optional Fixes #Issue] Partially addresses #25418

This change enables TLS session ticket resumption for QUIC connections,
allowing clients to resume TLS sessions without full handshakes when
reconnecting across server instances.

Implementation details:
- Add EnvoyTlsServerHandshaker that provides custom ProofSourceHandle
  to intercept certificate selection and configure session ticket options
- Store filter chain pointer in SSL ex_data during handshake to enable
  session ticket callback to access the correct transport socket factory
- Delegate session ticket encryption/decryption to ServerContextImpl
  which uses configured session_ticket_keys
- Add runtime guard envoy.reloadable_features.quic_session_ticket_support
  (default false) to control feature enablement

The feature integrates with existing DownstreamTlsContext configuration:
- Uses session_ticket_keys from TLS context for ticket encryption
- Respects disable_stateless_session_resumption setting
- Honors handles_session_resumption capability flag

Risk Level: Low (behind runtime guard, disabled by default)

Signed-off-by: Doogie Min <doogie.min@sendbird.com>
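As an added illustration (not code from this PR, nor Envoy's ServerContextImpl::sessionTicketProcess, whose BoringSSL cipher and HMAC setup is left out), this models the key-selection and return-code contract of the SSL_CTX_set_tlsext_ticket_key_cb callback that the PR reuses for QUIC, using a constructed ticket_key_t / ticket_keyring_t and a rotation helper so the effect of key rotation on resumption is visible:

```c
#include <string.h>
#include <stddef.h>

#define TICKET_NAME_LEN 16
#define MAX_TICKET_KEYS 4

/* Stand-in for one configured session_ticket_key (constructed for this
 * example, not Envoy's type): the 16-byte key name the ticket carries in the
 * clear, plus the material the real callback loads into EVP/HMAC contexts. */
typedef struct {
    unsigned char name[TICKET_NAME_LEN];
    unsigned char aes_key[16];
    unsigned char hmac_key[32];
} ticket_key_t;

typedef struct {
    ticket_key_t keys[MAX_TICKET_KEYS];
    size_t nkeys;          /* keys[0] is the primary (encryption) key */
} ticket_keyring_t;

/* Return codes follow the tlsext ticket key callback contract shared by TCP
 * TLS and, with this PR, QUIC: 0 = no ticket, fall back to a full handshake;
 * 1 = key found; 2 = key found but the ticket must be re-issued; -1 = error.
 * Cipher/HMAC initialisation is omitted: only key selection is modelled. */
int ticket_key_cb(const ticket_keyring_t *ring, unsigned char name[TICKET_NAME_LEN],
                  int encrypt, size_t *chosen)
{
    if (ring == NULL || ring->nkeys == 0)
        return 0;                          /* no keys configured: tickets off */
    if (encrypt) {                         /* new tickets use the primary key */
        memcpy(name, ring->keys[0].name, TICKET_NAME_LEN);
        *chosen = 0;
        return 1;
    }
    for (size_t i = 0; i < ring->nkeys; i++) {
        if (memcmp(name, ring->keys[i].name, TICKET_NAME_LEN) == 0) {
            *chosen = i;
            return i == 0 ? 1 : 2;         /* older key: accept, then renew */
        }
    }
    return 0;                              /* unknown key name: no resumption */
}

/* Rotate in a new primary key; the oldest key is dropped once the ring is
 * full, so tickets sealed under it can no longer be resumed. */
void ticket_keyring_rotate(ticket_keyring_t *ring, const ticket_key_t *fresh)
{
    if (ring->nkeys < MAX_TICKET_KEYS)
        ring->nkeys++;
    memmove(&ring->keys[1], &ring->keys[0], (ring->nkeys - 1) * sizeof(ticket_key_t));
    ring->keys[0] = *fresh;
}
```

The return value 2 is what lets a server that has rotated its primary key still resume sessions sealed under an older key while re-issuing the ticket under the current one; the keyring every worker and process sees is the shared session_ticket_keys configuration the PR plumbs into QUIC.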
@repokitteh-read-only

Hi @bellatoris, welcome and thank you for your contribution.

We will try to review your Pull Request as quickly as possible.

In the meantime, please take a look at the contribution guidelines if you have not done so already.

🐱

Caused by: #42734 was opened by bellatoris.


@repokitteh-read-only

CC @envoyproxy/runtime-guard-changes: FYI only for changes made to (source/common/runtime/runtime_features.cc).

🐱

Caused by: #42734 was opened by bellatoris.


@ravenblackx
Contributor

Please fix format.

/wait

Signed-off-by: Doogie Min <doogie.min@sendbird.com>
@kyessenov
Contributor

Please merge main.
/wait
