Add BoringSSL support to the ja4_fingerprint plugin

[maskit]

This PR is based on #12790, and most work was done by @jasmine-nahrain. Please look at the PR for the overall description. I made additional changes to eliminate the heap allocations that were introduced on the PR.

Additional changes:

• Removed the container that holds copies of items in ClientHello
• Made TSVConnClientHelloGet returns a object by value instead of a pointer
• Removed TSClientHelloDestroy since the returned value is no longer a pointer
• Changed the type of TSExtensionTypeList to a custom class that supports range-based for-loop (this eliminates the use of std::vector).

Changes for the plugin code are trivial:

• Check the availability of TSClientHello by is_available() instead of comparing with nullptr
• Change -> to . since TSClientHello is no longer a pointer
• Remove the call for TSClientHelloDestroy

Now all getters access the original data in a library specific data structure. Plugin developers can copy things by themselves if they need to. At a minimum, it's not necessary for this (ja4) plugin.

The internal implementation is getting a little messy. I think TLSSNISupport::ClientHello should be decoupled from TLSSNISupport, but the change wouldn't affect the plugin API, so we can do it later.

[Copilot]

Pull request overview

This PR adds BoringSSL support to the ja4_fingerprint plugin by introducing a new TSClientHello API that abstracts TLS ClientHello access across both OpenSSL and BoringSSL implementations. The changes build upon PR #12790 with optimizations to eliminate heap allocations by returning objects by value and using a custom iterator class instead of std::vector for extension types.

Changes:

• Introduces TSVConnClientHelloGet() and TSClientHelloExtensionGet() plugin APIs that work with both BoringSSL and OpenSSL
• Implements a custom TSExtensionTypeList iterator class to avoid heap allocations when accessing extension type IDs
• Updates ja4_fingerprint plugin to use the new API, enabling BoringSSL compatibility
• Removes the OpenSSL-only build dependency from the ja4_fingerprint plugin

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 10 comments.

Show a summary per file

File	Description
src/iocore/net/TLSSNISupport.cc	Implements ClientHello getters and custom iterator for extension IDs with OpenSSL/BoringSSL conditional compilation
src/iocore/net/TLSSNISupport.h	Defines ClientHello class with ExtensionIdIterator and adds _ch member to store ClientHello reference
src/api/InkAPI.cc	Implements TSClientHello wrapper class methods and TSVConnClientHelloGet/TSClientHelloExtensionGet APIs
include/ts/ts.h	Declares new public API functions with comprehensive documentation
include/ts/apidefs.h.in	Defines TSClientHello class with custom iterator wrapping internal implementation
plugins/experimental/ja4_fingerprint/plugin.cc	Updates to use TSClientHello API instead of direct OpenSSL calls, enabling BoringSSL support
plugins/experimental/ja4_fingerprint/README.md	Documents BoringSSL support
doc/developer-guide/api/types/TSClientHello.en.rst	Developer documentation for TSClientHello type
doc/developer-guide/api/functions/TSVConnClientHelloGet.en.rst	Developer documentation for API functions
doc/admin-guide/plugins/ja4_fingerprint.en.rst	Administrator guide for ja4_fingerprint plugin
doc/admin-guide/plugins/index.en.rst	Adds ja4_fingerprint to plugin index
cmake/ExperimentalPlugins.cmake	Removes OpenSSL-specific dependency check for JA4_FINGERPRINT