They make 1.2 Mandatory to support (due to wide adoption) and 1.3 SHOULD support. I think we should deviate and stick to 1.3 and above only.
Then include Data Integrity in the services in addition to Confidentiality and Peer authentication, we should probably follow?
They have an interesting take on STARTTLS and dedicated port, concluding "what matters is the end state of the channel" as the important thing. I think this underestimates downgrade attack, but we can reference their work.
They put not insignificant focus on "cross-protocol" attacks, the ALPN issues. Though I don't think T+ would be a target for it, it is probably best to be safe and get an ALPN protocol number allocated.
SNI: "At the time of writing, a technology for encrypting the SNI
(called Encrypted Client Hello) is being worked on in the TLS Working
Group [TLS-ECH]. Once that method has been standardized and widely
implemented, it will likely be appropriate to recommend its usage in
a future version of this BCP." - useful to add to our section.
Reviewers proposed to evaluate RFC9325 as a possible reference for TLS 1.3 recommendations.