test(integration): add mTLS integration tests

[kaukabrizvi]

Goal

Add mTLS integration tests for certificate-validation callbacks that exercise both synchronous and asynchronous validation across TLS versions and implementations, without changing the public Rust callback API. (This PR adds Rustls↔s2n coverage; additional libraries will be added in follow-up work.)

Why

The existing Rust bindings only supported synchronous certificate validation. We still need async coverage to match the C API and to ensure regression coverage for real-world mTLS deployments. Adding these integration tests gives us the missing end-to-end mTLS coverage required to detect changes in cert-validation behavior with different peers and protocol versions.

How

• Wire asynchronous certificate validation in the integration tests directly through s2n_tls_sys (C FFI) instead of exposing a new async callback in the public Rust bindings. The async behavior is effectively test-only and remains internal until bindings: ConnectionFuture 'static bound blocks async interfaces bindings: ConnectionFuture 'static bound blocks async interfaces #5469 is resolved.
• Add mTLS integration coverage across both directions (rustls→s2n and s2n→rustls) and both protocol versions (TLS 1.2 and TLS 1.3) with three test variants: basic mTLS, synchronous cert validation, and asynchronous cert validation.

Callouts

• The async path is wired via s2n_tls_sys in the Rust integration tests only; the public Rust callback traits and builder API remain unchanged.
• Rustls and s2n can emit multi-message handshake records in TLS 1.3, which triggers a known async-validation bug in s2n’s C state machine. These async tests are therefore ignored until fix: refactor negotiate loop to fix issue with async callback #5641 lands. TLS 1.2 avoids multi-message flights on the client side, so the TLS 1.2 rustls→s2n async case passes and is not ignored.
• The async tests model the intended usage pattern where certificate validation may complete on a different thread than the handshake driver.

Testing

• Confirmed the full Rust integration suite passes across all supported libcryptos via the CodeBuild job.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[kaukabrizvi]

@jmayclin @maddeleine For async cert validation, instead of extending the Rust public API, the integration tests now register an async cert validation callback directly via s2n_tls_sys::s2n_config_set_cert_validation_cb. The tests define a C-style callback (test_async_cert_cb) and a small context struct that tracks invocation count and sends the s2n_cert_validation_info* over a channel. The async tests then call s2n_cert_validation_accept on that pointer to resume the handshake. This lets us exercise the async cert validation path end-to-end without exposing any new async Rust API surface.