For use by broker.js which now requires a Sysop User ID and password
as the TLS PSK, and requires the system password in the MQTT password
field.

White-space changes only, exception being the rare insertion of NL before
closing brace (couldn't find the option to disable that behavior).

I excluded some header files (e.g. sbbs.h) since uncrustify seemed to be doing
more harm than good there. I might just end up applying different set of rules
to .h files.

As Nelgin pointed out, a Socket.connect() failure for reasons of address/host
lookup failure would report a stale/nonsense Socket.error/error_str value.

This change required us to query/store the socket API/getaddrinfo error string
at the time of failure (for the Socket.error_str property value) rather than
converting from number to string at the time the property is read.

This does mean that sometimes Socket.error is a errno value and sometimes its
a getaddrinfo (EAI_*) error value. Since the EAI_* values are negative, it
should be obvious which is which.

TLS 1.2.  For static services and JS sockets, add a new tls_minver
socket property which can be set to use a lower minver (down to the
wildly insecure TLS 1.0).

TLS 1.0 and 1.1 have been not reccomended since 2015, and deprecated
since 2021.

This appears to work and the event handler *should* work on other
event types already.

Note, this is *nix-only due to the use of poll().  select() will
need to be used for Windows to keep XP compatability.

depend on a socket descriptor still won't work.

a single byte into a special buffer.  Note that peek() and nread will never
return/indicate more than a single byte, so scripts which rely on these may
be inefficient with TLS (websocket stuff appears to use nread heavily).

TLS servers without all of them needing to separately load the ssl certificate.

It's destroyed in free_scfg(), and the config *must* be prepped both to
destroy the certificate and to load it.  This is because the "no cert"
value is -1, not 0, so the prepped flag is all we really have to indicate
if it's zero because it's a valid certificate or zero because no certificate
has been loaded.

1) Only call crpytFlushData() if there *is* data.
2) Only call cryptFlushData() once per call to do_CryptFlush()
3) If cryptPushData() does a short write, flush immediately, regardless of
   the preferences
4) Pass the whole private data pointer to do_CryptFlush() so it can only
   call cryptFlushData() if there's unflushed data
5) Extend the private data structure to track unflushed data

Mutex protect certificate loading/creation.

New Features:
- Multiple bindings for each service
  Use comma-separated interfaces on Interface= lines in the ini file.
  Default is now "0.0.0.0,::"
- IPv6 support
- TLS support for the webserver and (non-static) services
  New TLS option in services.ini (ie: Options=TLS)
- Decrease LEN_SCAN_CMD to 35 chars, increase the CID field to 45 chars,
  and rename the MAIL_CMD string to IPADDR.  I think this frees up the
  note field for SysOp use.

This should really get a new file with happy wrappers at some point - I'm not
sure where lprintf() will go if it happens from main() right now etc.