Add ALPN and better auth to SSLContext used for raw Thrift client

Summary:
This was found from logs like https://fburl.com/scuba/thrift_connection_events/4ki5vhy2, showing an empty "Client Alpns" list.

Rocket should be used with an "rs" ALPN value. Most of these changes come from https://www.internalfb.com/intern/wiki/Secure_Thrift/User_Guide/TLS/Special_Cases/

Reviewed By: xiangxu1121

Differential Revision: D52699658

fbshipit-source-id: 3775047f5fad390fcfa43bd68ac817dfdde9ed8c

openr/common/OpenrClient.h

@@ -125,9 +125,7 @@ getOpenrCtrlPlainTextClient(
 /*
  * Create secured client for OpenrCtrlCpp service over AsyncSSLSocket.
  */
-template <
-    typename ClientType,
-    typename ClientChannel = apache::thrift::RocketClientChannel>
+template <typename ClientType>
 static std::unique_ptr<ClientType>
 getOpenrCtrlSecureClient(
     folly::EventBase& evb,
@@ -183,7 +181,8 @@ getOpenrCtrlSecureClient(
     }
 
     // Create channel and set timeout
-    auto channel = ClientChannel::newChannel(std::move(transport));
+    auto channel =
+        apache::thrift::RocketClientChannel::newChannel(std::move(transport));
     channel->setTimeout(processingTimeout.count());
 
     // Enable compression for efficient transport when available. This will

openr/kvstore/KvStore-inl.h

@@ -1128,9 +1128,7 @@ KvStoreDb<ClientType>::KvStorePeer::getOrCreateThriftClient(
       folly::ssl::SSLCommonOptions::setClientOptions(*context);
       // Since we are suggesting support for rocket in ALPN,
       // we should use RocketClientChannel to match what is negotiated
-      secureClient = getOpenrCtrlSecureClient<
-          ClientType,
-          apache::thrift::RocketClientChannel>(
+      secureClient = getOpenrCtrlSecureClient<ClientType>(
           *(evb->getEvb()),
           context,
           folly::IPAddress(*peerSpec.peerAddr()), /* v6LinkLocal */