TLS[openssl]: Use optional<> for CA cert we are fetching

The QSslCertificate ctor is somewhat expensive, especially when we are
shutting down. By using optional<> we simply reset() it and no longer
need to create a new, valid, certificate.

Task-number: QTBUG-102474
Change-Id: I514433b0d380dd3ceabbed3a6164f7e3efc490c7
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
(cherry picked from commit 61bfe87a64ca322de0ebf9bf61a0a0a81ee5bf7d)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

src/plugins/tls/openssl/qtls_openssl.cpp

@@ -490,7 +490,7 @@ void TlsCryptographOpenSSL::init(QSslSocket *qObj, QSslSocketPrivate *dObj)
     handshakeInterrupted = false;
 
     fetchAuthorityInformation = false;
-    caToFetch = QSslCertificate{};
+    caToFetch.reset();
 }
 
 void TlsCryptographOpenSSL::checkSettingSslContext(std::shared_ptr<QSslContext> tlsContext)
@@ -749,7 +749,7 @@ void TlsCryptographOpenSSL::enableHandshakeContinuation()
 void TlsCryptographOpenSSL::cancelCAFetch()
 {
     fetchAuthorityInformation = false;
-    caToFetch = QSslCertificate{};
+    caToFetch.reset();
 }
 
 void TlsCryptographOpenSSL::continueHandshake()
@@ -1803,7 +1803,7 @@ void TlsCryptographOpenSSL::caRootLoaded(QSslCertificate cert, QSslCertificate t
     Q_ASSERT(q);
 
     //Done, fetched already:
-    caToFetch = QSslCertificate{};
+    caToFetch.reset();
 
     if (fetchAuthorityInformation) {
         if (!q->sslConfiguration().caCertificates().contains(trustedRoot))

src/plugins/tls/openssl/qtls_openssl_p.h

@@ -120,7 +120,7 @@ private:
     bool handshakeInterrupted = false;
 
     bool fetchAuthorityInformation = false;
-    QSslCertificate caToFetch;
+    std::optional<QSslCertificate> caToFetch;
 
     bool inSetAndEmitError = false;
     bool pendingFatalAlert = false;