
Document how to manually control SNI when using HttpClient/SslStream #34263

@MihaZupan

It's not obvious how to control SNI when making requests via HttpClient.
We should document how to change the SNI that's used, or even avoid sending it.

We should for example show the following:

  1. Not sending SNI at all
    • It should be possible, but it will take some work. You need to use SocketsHttpHandler.ConnectCallback to customize how connections are established. Inside the callback, construct the SslStream instance and authenticate with any SslClientAuthenticationOptions as you see fit and return it.
    • Note that the ability to return an SslStream from the callback was added in 7.0 only (Allow SslStream in ConnectCallback runtime#63851).
  2. Changing the value of SNI
    • The value HttpClient uses is the host specified in the Host header, otherwise the host from the request's Uri.
  3. Send an SNI that's different than the host header
    • Because we use the value from the host header, it's not possible to send an SNI that's different without going through ConnectCallback.

Related issues in YARP and runtime: dotnet/yarp#2036, dotnet/runtime#82165
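
A sketch of the ConnectCallback approach described in the list above, for .NET 7 or later. This is an added example, not code from the issue or from the .NET documentation; `SniControl`, `sniHost` and `certHost` are hypothetical names. Because SslStream validates the certificate name against `TargetHost`, the example checks the certificate against the intended host explicitly instead of turning validation off.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

static class SniControl
{
    // sniHost:  value passed as SslClientAuthenticationOptions.TargetHost (hypothetical parameter).
    // certHost: name the server certificate must match (hypothetical parameter).
    // The callback always performs TLS, so use the returned client for https:// URIs only.
    public static HttpClient Create(string sniHost, string certHost)
    {
        var handler = new SocketsHttpHandler();
        handler.ConnectCallback = async (context, cancellationToken) =>
        {
            var socket = new Socket(SocketType.Stream, ProtocolType.Tcp) { NoDelay = true };
            try
            {
                await socket.ConnectAsync(context.DnsEndPoint, cancellationToken);
                var ssl = new SslStream(new NetworkStream(socket, ownsSocket: true));
                // No ApplicationProtocols are set here, so no ALPN is offered.
                await ssl.AuthenticateAsClientAsync(new SslClientAuthenticationOptions
                {
                    TargetHost = sniHost,
                    RemoteCertificateValidationCallback = (_, cert, _, errors) =>
                        Validate(cert, errors, certHost),
                }, cancellationToken);
                return ssl; // returned as-is; the handler does not wrap it in TLS again
            }
            catch
            {
                socket.Dispose();
                throw;
            }
        };
        return new HttpClient(handler);
    }

    static bool Validate(X509Certificate? cert, SslPolicyErrors errors, string certHost)
    {
        if (cert is null) return false;
        // The name-mismatch flag is relative to TargetHost, so only that flag is ignored;
        // chain errors and a missing certificate stay fatal.
        if ((errors & ~SslPolicyErrors.RemoteCertificateNameMismatch) != SslPolicyErrors.None)
            return false;
        using var cert2 = new X509Certificate2(cert);
        return cert2.MatchesHostname(certHost); // X509Certificate2.MatchesHostname, .NET 7+
    }
}
```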
