feat: use Rustls for connections with strict TLS

[link2xt]

No description provided.

[link2xt]

This seems a bit dangerous as we previously had compatibility problems due to 1024-bit RSA:
#1007
However, the only known provider using 1024-bit RSA key is using self-signed certificate and has strict TLS disabled.
Valid TLS certificates should not use 1024-bit RSA since 2014: https://www.thawte.com/resources/2048-bit-compliance/
Even for root certificates 1024-bit RSA has been replaced: https://blog.mozilla.org/security/2014/09/08/phasing-out-certificates-with-1024-bit-rsa-keys/

There may be other compatibility problems that affect servers with valid TLS certificates, but they are likely to be treated as bugs in Rustls.

Advantage of this move is that Rustls supports modern TLS extensions such as ECH (https://www.memorysafety.org/blog/rustls-ech-support/), TLS session resumption and TLS certificate compression. I want to enable TLS session resumption soon after Rustls migration, this will have an immediate effect of reducing TLS connection setup by one round trip and reduction in computation costs of running DH: #6182
With native-tls it is unlikely that extensions will be implemented as it requires implementing the same API for OpenSSL, Schannel (Windows) and Security Framework (macOS): sfackler/rust-native-tls#308