crypto/tls: make cipher suite preference ordering automatic

We now have a (well, two, depending on AES hardware support) universal
cipher suite preference order, based on their security and performance.
Peer and application lists are now treated as filters (and AES hardware
support hints) that are applied to this universal order.

This removes a complex and nuanced decision from the application's
responsibilities, one which we are better equipped to make and which
applications usually don't need to have an opinion about. It also lets
us worry less about what suites we support or enable, because we can be
confident that bad ones won't be selected over good ones.

This also moves 3DES suites to InsecureCipherSuites(), even if they are
not disabled by default. Just because we can keep them as a last resort
it doesn't mean they are secure. Thankfully we had not promised that
Insecure means disabled by default.

Notable test changes:

  - TestCipherSuiteCertPreferenceECDSA was testing that we'd pick the
    right certificate regardless of CipherSuite ordering, which is now
    completely ignored, as tested by TestCipherSuitePreference. Removed.

  - The openssl command of TestHandshakeServerExportKeyingMaterial was
    broken for TLS 1.0 in CL 262857, but its golden file was not
    regenerated, so the test kept passing. It now broke because the
    selected suite from the ones in the golden file changed.

  - In TestAESCipherReordering, "server strongly prefers AES-GCM" is
    removed because there is no way for a server to express a strong
    preference anymore; "client prefers AES-GCM and AES-CBC over ChaCha"
    switched to ChaCha20 when the server lacks AES hardware; and finally
    "client supports multiple AES-GCM" changed to always prefer AES-128
    per the universal preference list.

    * this is going back on an explicit decision from CL 262857, and
      while that client order is weird and does suggest a strong dislike
      for ChaCha20, we have a strong dislike for software AES, so it
      didn't feel worth making the logic more complex

  - All Client-* golden files had to be regenerated because the
    ClientHello cipher suites have changed.
    (Even when Config.CipherSuites was limited to one suite, the TLS 1.3
    default order changed.)

Fixes #45430
Fixes #41476 (as 3DES is now always the last resort)

Change-Id: If5f5d356c0f8d1f1c7542fb06644a478d6bad1e5
Reviewed-on: https://go-review.googlesource.com/c/go/+/314609
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>

testdata/Client-TLSv12-Ed25519

@@ -3,10 +3,10 @@
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
-00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a9  |.............2..|
+00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
+00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
+00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
 00000080  01 00 00 7b 00 05 00 05  01 00 00 00 00 00 0a 00  |...{............|
 00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
 000000a0  00 00 0d 00 1a 00 18 08  04 04 03 08 07 08 05 08  |................|
@@ -16,11 +16,11 @@
 000000e0  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
 000000f0  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74     |.........._X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 66 49 2a a6 a4  |....Y...U..fI*..|
-00000010  75 60 58 bb 5f 5e 82 cd  e5 c0 9f 6d a4 fd 39 3b  |u`X._^.....m..9;|
-00000020  d9 17 80 14 89 ea 51 c1  b0 43 d6 20 b2 6b 72 81  |......Q..C. .kr.|
-00000030  f6 63 20 22 e2 b6 d2 61  aa 87 b6 67 ae 56 78 44  |.c "...a...g.VxD|
-00000040  5d 10 8c cf ea 32 cf 9e  92 e5 59 70 cc a9 00 00  |]....2....Yp....|
+00000000  16 03 03 00 59 02 00 00  55 03 03 6c 5f 04 9e a6  |....Y...U..l_...|
+00000010  c6 41 0c ee a2 2c af 45  f0 bc de 67 2d 20 1c 9c  |.A...,.E...g- ..|
+00000020  82 33 fd 86 86 b3 50 04  77 ec da 20 f3 09 fb 8c  |.3....P.w.. ....|
+00000030  79 83 f9 82 58 b9 76 bb  d3 58 44 3d 52 0c 37 ae  |y...X.v..XD=R.7.|
+00000040  18 98 84 9a 56 af 5d 2b  68 68 c7 30 cc a9 00 00  |....V.]+hh.0....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 01 3c 0b 00 01 38 00  01 35 00 01 32 30 82 01  |..<...8..5..20..|
 00000070  2e 30 81 e1 a0 03 02 01  02 02 10 0f 43 1c 42 57  |.0..........C.BW|
@@ -42,27 +42,27 @@
 00000170  90 95 39 e5 0d c1 55 ff  2c 16 b7 1d fc ab 7d 4d  |..9...U.,.....}M|
 00000180  d4 e0 93 13 d0 a9 42 e0  b6 6b fe 5d 67 48 d7 9f  |......B..k.]gH..|
 00000190  50 bc 6c cd 4b 03 83 7c  f2 08 58 cd ac cf 0c 16  |P.l.K..|..X.....|
-000001a0  03 03 00 6c 0c 00 00 68  03 00 1d 20 c4 8c b8 a2  |...l...h... ....|
-000001b0  32 92 b8 22 1f 4c f1 96  00 64 35 47 4e f8 3d 08  |2..".L...d5GN.=.|
-000001c0  83 12 fe 95 a8 e4 8e c9  30 27 5c 39 08 07 00 40  |........0'\9...@|
-000001d0  7f 90 cf e0 87 69 e3 50  e6 fa 5e 28 a1 0f 79 0a  |.....i.P..^(..y.|
-000001e0  6e cf f4 87 e8 2f 55 b2  dd cb 5e 8f 9a 14 bd c2  |n..../U...^.....|
-000001f0  2b 2b 2d ed 72 40 23 5d  6d f4 89 3a ff 09 82 ec  |++-.r@#]m..:....|
-00000200  b6 4b 27 9a 08 ea e9 73  94 b4 31 1f e1 39 86 0e  |.K'....s..1..9..|
+000001a0  03 03 00 6c 0c 00 00 68  03 00 1d 20 a7 28 ef 3e  |...l...h... .(.>|
+000001b0  1c 65 9f 8e 9a 80 0b 7d  ac 9c ce d6 1e 97 54 30  |.e.....}......T0|
+000001c0  53 9b e6 0c 61 e0 ea 9c  ae 70 f2 78 08 07 00 40  |S...a....p.x...@|
+000001d0  0c 49 38 23 a0 75 28 fb  ec 71 a4 89 79 45 d1 ca  |.I8#.u(..q..yE..|
+000001e0  83 6f 5d dd 01 d4 c6 63  53 5d 6e 8f 06 09 80 a1  |.o]....cS]n.....|
+000001f0  f7 ef af 2d 29 af aa 10  86 1c 18 19 3f be bb 90  |...-).......?...|
+00000200  0e c3 9d 1e 6e 60 49 7f  fc c8 42 61 89 c2 e3 04  |....n`I...Ba....|
 00000210  16 03 03 00 04 0e 00 00  00                       |.........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 8f 97 36  bd 59 ef 8e 2f 11 28 b0  |.... ..6.Y../.(.|
-00000040  d7 20 79 bf 04 07 45 f9  89 de b0 c7 55 1a ad 80  |. y...E.....U...|
-00000050  0f 8c ef 1d c6                                    |.....|
+00000030  16 03 03 00 20 b2 7f b6  1b 9c ec bf 2e ae a5 70  |.... ..........p|
+00000040  d5 33 9b 63 02 66 77 7d  00 ec 86 e4 bb d4 57 68  |.3.c.fw}......Wh|
+00000050  49 2a d3 be e7                                    |I*...|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 47 6c 1f 86 47  |.......... Gl..G|
-00000010  72 03 94 e0 43 f8 e5 ca  03 7d f5 d5 dd 70 05 f5  |r...C....}...p..|
-00000020  98 5d 51 b4 11 49 71 7a  fd 37 9a                 |.]Q..Iqz.7.|
+00000000  14 03 03 00 01 01 16 03  03 00 20 4c 7d ef ed ea  |.......... L}...|
+00000010  ab 8d 4f 38 46 6e 8f 56  b4 1d f2 1f 2c df 57 c0  |..O8Fn.V....,.W.|
+00000020  f9 8a c2 71 f8 6d df b7  c7 1e 23                 |...q.m....#|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 b7 a2 f5  8e 7c d3 7d 61 af 29 1c  |.........|.}a.).|
-00000010  77 0c 8d b4 5b d3 be 77  a6 a5 99 15 03 03 00 12  |w...[..w........|
-00000020  d8 23 dc a8 99 fe 1c 6e  f2 2f 41 8e df 40 11 4f  |.#.....n./A..@.O|
-00000030  6b 92                                             |k.|
+00000000  17 03 03 00 16 26 f1 7c  ee c8 3a 61 b0 f7 5a bd  |.....&.|..:a..Z.|
+00000010  b7 61 61 60 69 db cd ea  10 ee 63 15 03 03 00 12  |.aa`i.....c.....|
+00000020  22 c0 65 a4 5d 0e 48 9c  56 f8 54 17 82 5f 29 97  |".e.].H.V.T.._).|
+00000030  be 6b                                             |.k|