Clone TLS configuration for WebSocket dialer #19396

Merged
merged 5 commits into from
Dec 16, 2022

@gabrielcorado gabrielcorado commented Dec 15, 2022

Closes #19022 and adds a test to cover the scenario described (`TestHandleConnectionHTTP2WS`).

Problem

Teleport couldn't connect to WebSockets after issuing an HTTP2 request to the same server. This was caused because both dialers (for requests and WebSockets) were using the same TLS Configuration. When the user issued a request, and the server handled it as HTTP2, the configuration would be changed, and the following connections using the configuration would resolve to the same protocol. When a WebSocket request arrived, it would use HTTP2, which is not supported, causing the server to fail to upgrade the connection.

Logs from the server

```
2022-12-15T11:03:34-03:00 ERRO             Unable to read websocket upgrade response: malformed HTTP response "\x00\x00\x18\x04\x00\x00\x00\x00\x00\x00\x05\x00\x10\x00\x00\x00\x03\x00\x00\x00\xfa\x00\x06\x00\x10\x01@\x00\x04\x00\x10\x00\x00" forward/fwd.go:309
```

Error from `TestHandleConnectionHTTP2WS` test before the fix

```
2022/12/15 11:01:31 http2: server: error reading preface from client 127.0.0.1:51752: bogus greeting "GET / HTTP/1.1\r\nHost: 12"
--- FAIL: TestHandleConnectionHTTP2WS (0.17s)
    server_test.go:990:
                Error Trace:    /teleport/teleport/lib/srv/app/server_test.go:990
                                                      /teleport/teleport/lib/srv/app/server_test.go:648
                Error:          Received unexpected error:
                                unexpected EOF
                Test:           TestHandleConnectionHTTP2WS
FAIL
FAIL    github.com/gravitational/teleport/lib/srv/app   6.328s
FAIL
```

Solution

Clone the TLS configuration instead of using the same for both dialers. This enables requests and WebSockets from the same sessionChunk to use different protocols.
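
The shared-versus-cloned `tls.Config` behaviour described above, reduced to an ALPN check (an added example, not code from this PR or from Teleport). It assumes the change made by the HTTP/2 request path is an update to `NextProtos`, modelled here by a direct assignment; `alpnForWebSocket` and the `httptest` upstream are constructed for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// alpnForWebSocket returns the ALPN protocol negotiated with the WebSocket
// dialer's TLS config after the HTTP request path has switched its own config
// to HTTP/2. cloneForWS selects the fixed behaviour (Clone) over the shared pointer.
func alpnForWebSocket(cloneForWS bool) (string, error) {
	// Constructed loopback upstream that offers both h2 and http/1.1 via ALPN.
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = &tls.Config{NextProtos: []string{"h2", "http/1.1"}}
	srv.StartTLS()
	defer srv.Close()
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate())

	httpCfg := &tls.Config{RootCAs: roots} // used by the HTTP request dialer
	wsCfg := httpCfg                       // before the fix: same *tls.Config
	if cloneForWS {
		wsCfg = httpCfg.Clone() // the fix: independent copy for the WebSocket dialer
	}
	// Stand-in (assumption) for the change applied once a request is handled as HTTP/2.
	httpCfg.NextProtos = []string{"h2", "http/1.1"}

	conn, err := tls.Dial("tcp", srv.Listener.Addr().String(), wsCfg)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	return conn.ConnectionState().NegotiatedProtocol, nil
}

func main() {
	shared, _ := alpnForWebSocket(false)
	cloned, _ := alpnForWebSocket(true)
	fmt.Printf("shared config: %q, cloned config: %q\n", shared, cloned)
}
```

With the shared pointer the WebSocket connection negotiates `h2`, so its HTTP/1.1 upgrade request reaches an HTTP/2 server; with the clone no ALPN protocol is offered and the upstream serves HTTP/1.1.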

@gabrielcorado gabrielcorado enabled auto-merge (squash) December 15, 2022 20:03
@gabrielcorado gabrielcorado merged commit f6d8887 into master Dec 16, 2022
@github-actions

@gabrielcorado See the table below for backport results.

| Branch | Result |
|---|---|
| branch/v10 | Failed |
| branch/v11 | Create PR |
| branch/v9 | Failed |

Successfully merging this pull request may close these issues.

Websockets do not work with app_service if the upstream web server is using HTTP/2