feat: implement TlsAcceptCallbacks support for rustls backend #834

@jsulmont

What is the problem your feature solves, or the need it fulfills?

TlsSettings::with_callbacks() in the rustls backend returns an error:

"Certificate callbacks are not supported with feature "rustls"."

The TlsRef type passed to handshake_complete_callback is an empty struct with no accessors, making post-handshake inspection impossible even if the error is worked around. This is a parity gap with the OpenSSL/BoringSSL backend, where TlsRef = SslRef exposes peer_certificate(), verified_chain(), current_cipher(), etc.

This blocks any rustls-based application that needs to extract peer certificate identity or cipher suite information after the TLS handshake.

Describe the solution you'd like

  1. TlsSettings::with_callbacks(callbacks) should accept a TlsAcceptCallbacks and wire it through to the Acceptor and handshake path (matching the OpenSSL backend signature)
  2. TlsRef should carry connection state — peer certificate chain and negotiated cipher suite — with public accessors
  3. handshake_with_callback() should populate TlsRef from the rustls session and pass it to the callback
  4. Add set_certificate_chain_file() / set_private_key_file() setters on TlsSettings for use with the callbacks constructor

Additional context

PR: #833
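
A stand-alone Rust model of items 2 and 3 of the request, added here as an illustration; it is not code from the project or from the linked PR. The fields of TlsRef, MockSession, AcceptCallbacks and PinLeaf are hypothetical, and the certificate bytes and cipher suite string are constructed sample values.

```rust
// Added illustration: every type here is a hypothetical stand-in, not the project's API.
use std::sync::Arc;

/// Connection state the issue asks TlsRef to carry (assumed layout).
pub struct TlsRef {
    peer_chain: Option<Vec<Vec<u8>>>, // DER certificates, leaf first
    cipher_suite: Option<&'static str>,
}

impl TlsRef {
    pub fn peer_certificate(&self) -> Option<&[u8]> {
        self.peer_chain.as_ref()?.first().map(|c| c.as_slice())
    }
    pub fn current_cipher(&self) -> Option<&str> { self.cipher_suite }
}

/// Stand-in for a completed rustls server session.
pub struct MockSession { pub peer_chain: Option<Vec<Vec<u8>>>, pub suite: Option<&'static str> }

pub trait AcceptCallbacks {
    /// Returns per-connection context, or None when no identity is accepted.
    fn handshake_complete_callback(&self, tls: &TlsRef) -> Option<Arc<String>>;
}

/// Item 3 of the request: populate TlsRef from the session, then call back.
pub fn handshake_with_callback(s: &MockSession, cb: &dyn AcceptCallbacks) -> Option<Arc<String>> {
    let tls = TlsRef { peer_chain: s.peer_chain.clone(), cipher_suite: s.suite };
    cb.handshake_complete_callback(&tls)
}

/// Example policy: accept only one pinned client leaf certificate.
pub struct PinLeaf { pub allowed_leaf: Vec<u8> }

impl AcceptCallbacks for PinLeaf {
    fn handshake_complete_callback(&self, tls: &TlsRef) -> Option<Arc<String>> {
        let leaf = tls.peer_certificate()?; // anonymous client: no identity
        if leaf != self.allowed_leaf.as_slice() {
            return None; // unknown certificate
        }
        Some(Arc::new(format!("pinned-client via {}", tls.current_cipher()?)))
    }
}

fn main() {
    let leaf = vec![0x30, 0x82, 0x01, 0x0a]; // constructed bytes, not a real certificate
    let s = MockSession { peer_chain: Some(vec![leaf.clone()]), suite: Some("TLS13_AES_256_GCM_SHA384") };
    println!("{:?}", handshake_with_callback(&s, &PinLeaf { allowed_leaf: leaf }));
}
```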

Labels: enhancement (New feature or request)
