Key updates on long-running TLS connections

[wquark]

Checklist

• I've searched the issue tracker for similar requests

Is your feature request related to a problem? Please describe.
Long running TLS connections where the peer sends key updates will eventually fail due to TooManyKeyUpdateRequests.

Describe the solution you'd like
Expose a way to reset / manage the DOS counters (at least the allowed_key_update_requests).

Describe alternatives you've considered
Re-establishing a connection is a clunky alternative.

Additional context
Connecting to a DB running postgres 15 and openssl 3.0.13 over TLS (rust-postgres + rustls) errors after several hours (traffic dependent) with TooManyKeyUpdateRequests.

[ctz]

Thanks for the report. I think we should be replenishing allowed_key_update_requests each time a non-KeyUpdate message is processed. The purpose of this counter is to ensure we detect a permanent run of KeyUpdates that starve receipt of other messages.