XFR-over-TLS (XoT): Spec requires client and server MUST use `dot` ALPN and TLS 1.3

As part of implementing #1784 (closed) per the spec, the XoT spec requires that the dot ALPN MUST be used for XoT connections and also that TLS 1.3 or later is required. This seems it will require extension to the tls clause with an ALPN field and implementation of the protocol field on client and server side.

Updates by a team member

The issue basically consists of two:

1. #2794 (closed);
2. #2795 (closed).

Related issues:

1. #2776 (closed).
2. #2796 (closed)