Use public APIs instead of Conscrypt ones

Use the equivalent public APIs on SSLContext instead of reaching into
OpenSSLContextImpl, except for the one place where a
Conscrypt-specific API is needed.

Bug: 123738844
Bug: 119752589
Test: cts -m CtsLibcoreTestCases
Test: atest android.net.SSLCertificateSocketFactoryTest
Change-Id: I61aebac4ad713b8ce53a47e72def0c537b4ab1c9