
Configure TLS onloader with SNI always

Nils Goroll requested to merge nigoroll/k8s-ingress:sni into master

IMHO, enabling SNI should have nothing to do with whether or not we have a custom Authority from the BackendConfig, because, without SNI sent by the client, a virtual hosting server can only ever present the default certificate.

So it is a requirement for proper certificate validation with TLS virtual hosting - and for this reason, we also send an fc_pp_authority on the Varnish side, unless it is explicitly set to the empty string.

Many big CDNs do not even support connecting without SNI by default, so it is a de-facto requirement for reaching public services.

As an additional complication, with the current state of the code, where we only have a single ingressBackends onloader, we do not even have a way to add a pro-forma Authority to specifically enable SNI where we need it.

SNI being a TLS option, sending it should, famous last words, not cause any harm, as per RFC 6066:

The extensions are designed to be backwards compatible, meaning that TLS clients that support the extensions can talk to TLS servers that do not support the extensions, and vice versa.

Because I do not have my e2e test setup running, it would be great if you could help me out again like last time.

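To make the argument in the description concrete, here is an added example; it is not code from the k8s-ingress project or from this merge request, and it is written in Go only because k8s-ingress is a Go code base. The host names a.example and b.example, the self-signed certificates and the local listener are all constructed for the demo. It runs a small SNI virtual-hosting TLS server that can present b.example's certificate only when the ClientHello names it, then connects as a client that wants b.example twice: once without SNI, where the server can only present its default certificate and name validation fails, and once with SNI, where validation succeeds.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Hypothetical names for this demo only; they are not from the k8s-ingress project.
const defaultHost, wantedHost = "a.example", "b.example"

// selfSigned makes a throwaway self-signed cert for one DNS name (constructed test material).
func selfSigned(host string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return tls.Certificate{}, err }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return tls.Certificate{}, err }
	leaf, err := x509.ParseCertificate(der)
	if err != nil { return tls.Certificate{}, err }
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// StartVirtualHost behaves like an SNI virtual-hosting server: wantedHost's certificate
// is presented only when the ClientHello names it, the default certificate otherwise.
func StartVirtualHost(defaultCert, wantedCert tls.Certificate) (addr string, stop func(), err error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil { return "", nil, err }
	cfg := &tls.Config{MinVersion: tls.VersionTLS12,
		GetCertificate: func(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
			if h.ServerName == wantedHost { return &wantedCert, nil }
			return &defaultCert, nil // no SNI, or an unknown name: only the default can be presented
		}}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil { return } // listener closed by stop()
			go func() { defer c.Close(); _ = tls.Server(c, cfg).Handshake() }()
		}
	}()
	return ln.Addr().String(), func() { ln.Close() }, nil
}

// PresentedLeaf handshakes with the given SNI ("" sends no SNI extension at all) and
// returns the leaf the server chose. Verification is deliberately deferred to Validate.
func PresentedLeaf(addr, sni string) (*x509.Certificate, error) {
	raw, err := net.DialTimeout("tcp", addr, 2*time.Second)
	if err != nil { return nil, err }
	// InsecureSkipVerify only defers the check here; Validate below performs it explicitly.
	tc := tls.Client(raw, &tls.Config{ServerName: sni, InsecureSkipVerify: true, MinVersion: tls.VersionTLS12})
	defer tc.Close()
	if err := tc.Handshake(); err != nil { return nil, err }
	if certs := tc.ConnectionState().PeerCertificates; len(certs) > 0 { return certs[0], nil }
	return nil, fmt.Errorf("server presented no certificate")
}

// Validate is the client's actual check: a trusted chain carrying the name the client wanted.
func Validate(leaf *x509.Certificate, want string, roots *x509.CertPool) error {
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: want, Roots: roots})
	return err
}

// Demo reaches wantedHost once without and once with SNI and returns both verdicts.
func Demo() (noSNI, withSNI, setup error) {
	defaultCert, err := selfSigned(defaultHost)
	if err != nil { return nil, nil, err }
	wantedCert, err := selfSigned(wantedHost)
	if err != nil { return nil, nil, err }
	roots := x509.NewCertPool() // the client trusts both issuers; only the name check differs
	roots.AddCert(defaultCert.Leaf)
	roots.AddCert(wantedCert.Leaf)
	addr, stop, err := StartVirtualHost(defaultCert, wantedCert)
	if err != nil { return nil, nil, err }
	defer stop()
	leaf, err := PresentedLeaf(addr, "") // no SNI: the server can only answer with defaultHost's cert
	if err != nil { return nil, nil, err }
	noSNI = Validate(leaf, wantedHost, roots) // hostname mismatch: a.example is not b.example
	leaf, err = PresentedLeaf(addr, wantedHost) // SNI names the virtual host we want
	if err != nil { return nil, nil, err }
	withSNI = Validate(leaf, wantedHost, roots) // nil: the right certificate was presented
	return noSNI, withSNI, nil
}

func main() {
	noSNI, withSNI, err := Demo()
	if err != nil { panic(err) }
	fmt.Println("without SNI:", noSNI, "\nwith SNI:", withSNI)
}
```

Run it with `go run`. The first verdict is a hostname error because the server, lacking SNI, fell back to a.example's certificate; the second is nil. Go's crypto/tls refuses a client handshake with an empty ServerName unless InsecureSkipVerify is set, which is why the example separates "which certificate was presented" from "does it validate for the name we wanted"; a production client should simply set ServerName to the backend's hostname so that SNI is sent and the library's own verification applies, which is the behaviour this merge request argues for.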