Add regression and security tests for relay quota and TLS stream handling

- Introduced regression tests for relay quota wake liveness to ensure proper handling of contention and wake events.
- Added adversarial tests to validate the behavior of the quota system under stress and contention scenarios.
- Implemented security tests for the TLS stream to verify the preservation of pending plaintext during state transitions.
- Enhanced the pool writer tests to ensure proper quarantine behavior and validate the removal of writers from the registry.
- Included fuzz testing to assess the robustness of the quota and TLS handling mechanisms against unexpected inputs and states.

src/stream/tls_stream.rs

@@ -297,6 +297,11 @@ impl<R> FakeTlsReader<R> {
     pub fn into_inner_with_pending_plaintext(mut self) -> (R, Vec<u8>) {
         let pending = match std::mem::replace(&mut self.state, TlsReaderState::Idle) {
             TlsReaderState::Yielding { buffer } => buffer.as_slice().to_vec(),
+            TlsReaderState::ReadingBody { record_type, buffer, .. }
+                if record_type == TLS_RECORD_APPLICATION =>
+            {
+                buffer.to_vec()
+            }
             _ => Vec::new(),
         };
         (self.upstream, pending)
@@ -1293,3 +1298,7 @@ mod tests {
         assert_eq!(bytes, [0x17, 0x03, 0x03, 0x12, 0x34]);
     }
 }
+
+#[cfg(test)]
+#[path = "tls_stream_pending_plaintext_security_tests.rs"]
+mod pending_plaintext_security_tests;