SSL: support trailing data on initialization?

[njsmith]

In theory, when switching from another protocol (i.e. doing STARTTLS), it might happen that the code that wants to switch has "over-read" from the socket, and already pulled out part of the TLS handshake. In practice, I don't know that this ever comes up – e.g., in SMTP, STARTTLS works like: (a) client says "let's do this", (b) server says "ok", (c) client starts the handshake, so it can never be the case that the server has read too far. But it's easy to implement and theoretically could be useful.