BearSSL bugs found by @jeroen88

[earlephilhower]

@Jeroen88 has been using BearSSL and adding some PRs and discovered a few issues that he's sent in email that I want to make sure get tracked here as I'm still kind of swamped. @Jeroen88, please add to this if I missed something:

1. The set{insecure,fingerprint,etc.} methods should clear any other authentication methods. Presently, if you setFingerprint then setInsecure, for example, it will have both flags set and actually check the FP and not be insecure as the last call requested.
2. Shouldn't _sc be tested for nullptr before &_sc->eng in WiFiClientSecure::_connectSSL(const char* hostName)
3. _waitForHandshake() can cause a hang if the server times out, and needs a WDT feed call in the while() loop somewhere

[Jeroen88]

Just one more: in addition to 1), Stop() should clear the previous authentication methods too in my opinion, making the client ready for a new connection, probably by incorporating this in _freeSSL().

[devyte]

@earlephilhower is it reasonable to get these fixes done for 2.4.2 (current target is 01/Aug) ?

[earlephilhower]

Yes, these changes seem to be very limited in scope. Just need an hour this weekend.

[earlephilhower]

About (2) above, the code as-is is safe:

struct blah *x = nullptr;
struct blech *y = &x->_blech;

The & means we're only computing an address and not actually try and dereference the nullptr. In the example, it's equivalent of saying struct blech *y = offsetof(struct blah, _blech);.

[earlephilhower]

@Jeroen88 could you give PR #4901 a try/check and see if it covers your needs. We're shooting for a short commit window on the bug fixes (end of month).