crypto/tls: centralize alert sending

[rolandshoemaker]

Currently we send TLS alerts all over the place, decoupling the process for other error handling, this results in inconsistencies about when and where we send alerts that can be quite confusing (including sometimes just not sending expected alerts at all).

Ideally we should centralize alert transmission in one (or two) places: Conn.Read and Conn.Write. Alerts can then be derived from errors (or a field we set on the connection?) allowing us to consistently handle them.

cc @FiloSottile

[rolandshoemaker]

More concretely, one possible path forward here is to introduce a specific internal tls error type internalTLSError, containing an alert code, and either a plain or typed error, which everything should return.

Conn.Read and Conn.Write should then defer error checking, sending an alert and unwrapping the internal error to return to the caller.

cc @thatnealpatel perhaps something to work on in the future.

type internalTLSError {
	alert alert
	err   error
}