tool-openssl/s_client: default SNI to -connect host to match OpenSSL

[alexw91]

Description of changes:

aws-lc's openssl s_client tool does not send the SNI extension unless the user explicitly passes -servername. OpenSSL's s_client has defaulted SNI to the -connect hostname since OpenSSL 1.1, with a DNS-name check that suppresses SNI for IP literals (RFC 6066 §3 forbids SNI for IPs), and exposes -noservername as an explicit opt-out.

This PR brings aws-lc's is_openssl_s_client code path in line with that behavior:

• Default SNI to the hostname parsed from -connect when neither -servername / -server-name nor -noservername was provided.
• Skip the default for IP literals and single-label hostnames via a verbatim port of OpenSSL's is_dNS_name helper.
• Add -noservername as an opt-out flag, with the same mutual-exclusion error message as OpenSSL when combined with -servername.

The bssl client tool (is_openssl_s_client == false) is unaffected.

Call-outs:

The is_dNS_name helper in tool/client.cc is copied verbatim from OpenSSL 3.x apps/s_client.c (commit 653f437c2a, file lines 3847–3910) and carries an Apache-2.0 attribution header matching the style used elsewhere in aws-lc (e.g. tool-openssl/txt_db/txt_db.cc, generated-src/*). Please flag any aws-lc conventions I should match more closely for this kind of verbatim third-party copy.

Behavior change visible to CLI users:

Command	Before	After
./openssl s_client -connect foo.com:443	no SNI sent	sends SNI foo.com
./openssl s_client -connect foo.com:443 -servername bar.com	sends SNI bar.com	unchanged
./openssl s_client -connect foo.com:443 -noservername	unknown argument	suppresses SNI (new flag)
./openssl s_client -connect 1.2.3.4:443	no SNI sent	no SNI sent (IP literal, matches OpenSSL)
./openssl s_client -connect [::1]:443	no SNI sent	no SNI sent (IPv6 literal, matches OpenSSL)
./openssl s_client -connect localhost:443	no SNI sent	no SNI sent (single-label, matches OpenSSL)

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

[github-actions]

clang-tidy made some suggestions

[codecov-commenter]

Codecov Report

❌ Patch coverage is 50.00000% with 26 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.27%. Comparing base (051d258) to head (914c154).

Files with missing lines	Patch %	Lines
tool/client.cc	51.02%	17 Missing and 7 partials ⚠️
tool-openssl/s_client.cc	33.33%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3209      +/-   ##
==========================================
+ Coverage   78.12%   78.27%   +0.15%     
==========================================
  Files         689      689              
  Lines      122951   123006      +55     
  Branches    17107    17124      +17     
==========================================
+ Hits        96056    96288     +232     
+ Misses      25992    25805     -187     
- Partials      903      913      +10     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.