Description
Checklist
- I've searched the issue tracker for similar requests - Support Encrypted ClientHellos (ECH, formerly ESNI) #199 covers the general case. We want a more specific issue for server-side support.
Is your feature request related to a problem? Please describe.
Rustls should support encrypted client hello (ECH) when operating as a server.
Describe the solution you'd like
I want to be able to implement a TLS server that supports ECH, operating in either of the supported topologies - shared mode, or split mode.
I want to be able to ergonomically load ECH configurations and associated private key material in a server config. It should be possible to indicate which (if any) of the ECH configs should be offered as "retry configurations", to support graceful migration between ECH configs. Ideally it would be possible to change configurations without requiring a server reload.
Describe alternatives you've considered
N/A.
Additional context
Client-side support was implemented in #1718.