Use asyncio transport for TLS, eliminate H2 reader threads

Replace the blocking ssl.SSLSocket TLS handshake with asyncio's
create_connection + start_tls (memory BIO), giving asyncio full
ownership of SSL state. This fixes silent data loss on long-lived
H2 connections caused by ssl.SSLSocket + add_reader/add_writer.

All TLS connections (H1 and H2) now use StreamReader/StreamWriter.
The H2 handler drops its dedicated reader thread + queue in favor
of direct reader.read(). H2 writes use writer.write() + drain()
instead of run_in_executor(sock.sendall).

Also adds H2 resource controls: configurable max concurrent streams,
worker-level stream budget semaphore, and aggregate body memory limit
with proper accounting across all paths (completion, rejection, reset).

Author: davegaeddert