curl: introduce the --tlsv1.3 option to force TLS 1.3

Fully implemented with the NSS backend only for now.

Reviewed-by: Ray Satiro