refactor: add key as a parameter for s2n_resume_encrypt_session_ticket

[boquan-fang]

Release Summary:

Resolved issues:

Partial for issue #4583 and #2756.

Description of changes:

This PR is to address a comment in PR#5001. Currently s2n_resume_encrypt_session_ticket() picks a session ticket key inside the function:

s2n-tls/tls/s2n_resume.c

Lines 818 to 825 in edf68e0

	S2N_RESULT s2n_resume_encrypt_session_ticket(struct s2n_connection *conn, struct s2n_stuffer *to)
	{
	RESULT_ENSURE_REF(conn);
	RESULT_ENSURE_REF(to);
	struct s2n_ticket_key *key = s2n_get_ticket_encrypt_decrypt_key(conn->config);
	/* No keys loaded by the user or the keys are either in decrypt-only or expired state */
	RESULT_ENSURE(key != NULL, S2N_ERR_NO_TICKET_ENCRYPT_DECRYPT_KEY);

The s2n_get_ticket_encrypt_decrypt_key() function is non-deterministic, so we might end up with different session ticket keys if we call them multiple times. We need to specify the session ticket key outside of the function, so that when we are calculating the session ticket lifetime, S2N will use the same session ticket key for both lifetime calculation and session ticket encryption.

Hence, this PR adds struct s2n_ticket_key *key as an additional parameter in s2n_resume_encrypt_session_ticket(), and chooses the key before calling s2n_resume_encrypt_session_ticket() every where in the codebase.

Call-outs:

• I made s2n_get_ticket_encrypt_decrypt_key() function available in s2n_resume.h, because this function needs to be called in s2n_server_nst_send() and s2n_tls13_server_nst_write() functions.
• I will need to merge this PR first before continue to work on PR fix: calculation of session ticket age #5001. That PR should serve for fixing the calculation only.

Testing:

This PR is tested locally and by the CI.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.