Draft: Test mirrors with and without SNI

This is a draft of changes to address this issue: #2716

It requires changes to NetCipher made here: https://gitlab.com/mnbogner/netcipher-no-sni which have not yet been integrated, so it has been marked as a draft. Those changes include an additional socket factory which uses the jsse.enableSNIExtension system property to enable or disable SNI.

Because this is a system property, I believe it is necessary to first test the mirrors with SNI disabled, and then if no mirror is found (and if any failed because SNI was diabled), another test is made with SNI enabled.

This can't be merged until the NetCipher update is published, but I am creating this pull request to get feedback (@eighthave, @grote).