Checklist

• I've searched the issue tracker for similar requests

Is your feature request related to a problem? Please describe.

rustls lacks support for multiple certificate types (you can only have one active certificate type per TLS config).
This is problematic for existing deployments of TLS that want to migrate certificate types, e.g. X.509 to Raw Public Keys (particularly P2P networks, where these migrations take a long time)

Describe the solution you'd like

The main problem is that certain callbacks (via public traits) don't provide the certificate types that were negotiated by the ClientHello/ServerHello exchange.

A practical way to allow multiple certificate types is by extending the following callbacks with additional parameters:

• ResolvesClientCert::resolve should provide the selected client_certificate_type. Currently, the callback has no way of knowing which certificate type the server would expect
• ServerCertVerifier::verify_tls13_signature should provide the selected server_certificate_type.
• ClientCertVerifier::verify_tls13_signature should provide the selected client_certificate_type.

If these 3 changes are made, it's possible to create a TLS config with a custom ResolvesClientCert and cert verifier that supports RawPublicKeys with X.509 fallback.

Describe alternatives you've considered

Additional context