Add maximum_name_length to TLS ECH padding #10326

Merged: dgarske merged 2 commits into wolfSSL:master from sebastian-carpenter:tls-ech-maxnamelen, May 14, 2026
@sebastian-carpenter
Contributor

Description

Improve TLS ECH ClientHelloInner padding to follow RFC 9849 §6.1.3, which uses the ECHConfig maximum_name_length to produce a stable padded length across SNIs.

  • Add WOLFSSL_EchConfig.maxNameLen and honor it when emitting/parsing ECHConfigs (previously hard-coded to 0 on emit and ignored on parse).
  • Add new public API wolfSSL_CTX_GenerateEchConfigEx() that takes a maxNameLen; the existing wolfSSL_CTX_GenerateEchConfig() becomes a thin wrapper passing 0.
  • Update SendTls13ClientHello() to compute padding from maxNameLen and the inner SNI length (with the spec's 9-byte fallback when no SNI is present), then round up to a 32-byte boundary.

Fixes zd#21504

Testing

Update callback in tests/api.c to use new *Ex function with a longer maximum name length. Kept some instances of the old wolfSSL_CTX_GenerateEchConfig to test with no max name length (i.e., shorter length).

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation
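The padding computation summarized in the description above, as an added example; it is not wolfSSL's code and not part of this PR. It follows the recommended padding scheme of the ECH specification, where the no-SNI case pads by maximum_name_length plus 9; the function names, the `ECH_NO_SNI` sentinel and the sample sizes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define ECH_NO_SNI        ((size_t)-1) /* sentinel: inner hello has no server_name */
#define ECH_SNI_OVERHEAD  9            /* server_name extension bytes besides the name */
#define ECH_PAD_BLOCK     32

/* Padding bytes to append to an EncodedClientHelloInner of encodedLen bytes.
 * maxNameLen is the ECHConfig maximum_name_length (a uint8 on the wire). */
size_t ech_inner_padding(size_t encodedLen, size_t sniLen,
                         unsigned char maxNameLen)
{
    size_t pad = 0;
    size_t total;

    if (sniLen == ECH_NO_SNI)
        pad = (size_t)maxNameLen + ECH_SNI_OVERHEAD; /* as if a max-length SNI */
    else if (sniLen < maxNameLen)
        pad = (size_t)maxNameLen - sniLen;           /* hide the name length */

    total = encodedLen + pad;
    if (total % ECH_PAD_BLOCK != 0)                  /* round up to 32 bytes */
        pad += ECH_PAD_BLOCK - (total % ECH_PAD_BLOCK);
    return pad;
}

/* Constructed model: baseLen is the inner hello without any server_name. */
size_t ech_padded_len(size_t baseLen, size_t sniLen, unsigned char maxNameLen)
{
    size_t encodedLen = baseLen;
    if (sniLen != ECH_NO_SNI)
        encodedLen += ECH_SNI_OVERHEAD + sniLen;
    return encodedLen + ech_inner_padding(encodedLen, sniLen, maxNameLen);
}

int main(void)
{
    /* Constructed sizes: 200-byte base, SNI names of 11 and 25 bytes. */
    printf("maxNameLen=64: %zu %zu %zu\n", ech_padded_len(200, 11, 64),
           ech_padded_len(200, 25, 64), ech_padded_len(200, ECH_NO_SNI, 64));
    printf("maxNameLen=0:  %zu %zu\n", ech_padded_len(200, 11, 0),
           ech_padded_len(200, 25, 0));
    return 0;
}
```

With a maximum name length of 64 all three inner hellos pad to the same size, while with 0 the two SNI lengths land in different 32-byte buckets and remain distinguishable on the wire.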

@sebastian-carpenter sebastian-carpenter self-assigned this Apr 27, 2026
Copilot AI review requested due to automatic review settings April 27, 2026 18:06
@github-actions

github-actions Bot commented Apr 27, 2026

MemBrowse Memory Report

gcc-arm-cortex-m4

  • FLASH: .rodata +8 B, .text +256 B (+0.1%, 198,017 B / 262,144 B, total: 76% used)

gcc-arm-cortex-m4-baremetal

  • FLASH: .rodata +8 B, .text +192 B (+0.3%, 64,827 B / 262,144 B, total: 25% used)

gcc-arm-cortex-m4-min-ecc

  • FLASH: .rodata +8 B, .text +192 B (+0.3%, 60,413 B / 262,144 B, total: 23% used)

gcc-arm-cortex-m4-tls12

  • FLASH: .rodata +8 B, .text +256 B (+0.2%, 121,437 B / 262,144 B, total: 46% used)

@sebastian-carpenter
Contributor Author

sebastian-carpenter commented Apr 28, 2026

Jenkins retest this please.

Comment thread wolfssl/internal.h
@sebastian-carpenter
Contributor Author

Jenkins retest this please.

@sebastian-carpenter sebastian-carpenter removed their assignment May 13, 2026
@dgarske dgarske merged commit d0073d9 into wolfSSL:master May 14, 2026
455 of 458 checks passed