
Work through interaction with ECH #98

@davidben

Description


By its nature, ECH inherently doubles up the parameter space of TLS, and this draft is no exception to that.

There is some subtlety here that we should probably write down more explicitly:

  • If you're just unconditionally sending trust anchors (i.e. you're treating this like CAs), you probably want to send in both inner and outer.
  • If you get trust anchor hints in DNS and use them to tailor the request, it really only applies to the inner name and you probably don't want to send in outer.
  • If you do an EncryptedExtensions retry based on an inner handshake, it should update your inner list.
  • If you do an EncryptedExtensions retry based on an outer handshake, it should update your outer list.
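A small Python model of the four cases above, added here as an illustration and not code from the draft or from this thread. The class name, the two "source" modes and the `ech_accepted` flag are assumptions; the mapping of an EncryptedExtensions retry onto the inner or outer list follows from which handshake ECH left active (inner when the server accepted ECH, outer when it rejected it).

```python
from __future__ import annotations
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Source(Enum):
    UNCONDITIONAL = "unconditional"  # fixed, CA-style set sent regardless of name
    DNS_HINT = "dns_hint"            # set tailored from a per-name hint in DNS


@dataclass
class TrustAnchorClient:
    """Hypothetical client state: which ClientHello carries trust anchor IDs under ECH.

    `inner` and `outer` are the ID lists for ClientHelloInner / ClientHelloOuter;
    None models "extension absent", as opposed to an empty list.
    """
    source: Source
    anchors: list[str]
    inner: Optional[list[str]] = field(default=None)
    outer: Optional[list[str]] = field(default=None)

    def __post_init__(self) -> None:
        self.inner = list(self.anchors)
        # A DNS hint is bound to the (inner) origin name, so it is only sent in
        # ClientHelloInner; an unconditional set goes in both.
        self.outer = list(self.anchors) if self.source is Source.UNCONDITIONAL else None

    def client_hellos(self) -> dict[str, Optional[list[str]]]:
        """Extension contents the client would put in each ClientHello right now."""
        return {
            "inner": None if self.inner is None else list(self.inner),
            "outer": None if self.outer is None else list(self.outer),
        }

    def apply_retry(self, ech_accepted: bool, retry_ids: list[str]) -> str:
        """Apply a retry carried in EncryptedExtensions; returns the list that changed.

        When ECH was accepted the EncryptedExtensions belong to the inner handshake,
        otherwise to the outer one, so only the matching list is updated.
        """
        if ech_accepted:
            self.inner = list(retry_ids)
            return "inner"
        self.outer = list(retry_ids)
        return "outer"
```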
