fix: handshake worker starve when loading external certificate

[bndcts]

addresses this issue #368 (comment)

• Fix goroutine leak when using external certificate managers (e.g. Tailscale get_certificate)
• External certs are not added to certmagic's in-memory cache, so the previous leader/waiter pattern caused waiters to recursively miss the cache, spawn new leaders, and accumulate
  goroutines indefinitely under concurrent load
• Share the leader's result directly with waiting goroutines via a new certLoadWaiter struct, avoiding the cache round-trip for externally-managed certificates

[francislavoie]

Could we pool these maybe to avoid some allocations?

[bndcts]

From what I understand, the channel get's closed to wake all waiters at once and can't really be reused and needs to be freshly allocated everytime, so pooling would only save the small struct around it.
Putting it back in the pool is also not straightforward I think, because the waiters still hold references after the leader is done, so we'd probably need some kind of reference counting to know when it's safe.

It feels like a lot of complexity for one allocation per contended name, but happy to reconsider if you see it differently.

[mholt]

Thanks, this looks like a reasonable approach to me.

We can see if the allocations (as mentioned above) become an issue via profiling.