Reported by Alexandr Savca in https://hackerone.com/reports/1178562

Co-authored-by: Shugo Maeda <shugo@ruby-lang.org>

This fixes CVE-2021-81810.
Reported by Alexandr Savca.

Co-authored-by: Shugo Maeda <shugo@ruby-lang.org>

	test/net/http/test_https.rb: Stop the error due to openssl 1.1.1h

	On some environments that uses OpenSSL 1.1.1h, the two tests now fail.

	http://rubyci.s3.amazonaws.com/android29-x86_64/ruby-master/log/20200924T062352Z.fail.html.gz
	https://github.com/ruby/ruby/runs/1159288773?check_suite_focus=true

	```
	  1) Failure:
	TestNetHTTPS#test_get [/data/data/com.termux/files/home/cb/tmp/build/20200924T062352Z/ruby/test/net/http/test_https.rb:47]:
	<"0\x82\x03\xED0\x82\x02\xD5\xA0\x03..."> expected but was
	<"0\x82\x03\xE30\x82\x02\xCB\xA0\x03...">.
	```

	Not sure why, but verify_callback now seems to receive only SERVER_CERT
	but not CA_CERT.
	It would be good to investigate the issue furthermore, but tentatively,
	I want to stop the failures.

	test/net/http/test_https.rb: the order of verify_callback seems to
	 vary

	... depending upon the environment.

	test/net/http/test_https.rb: The test logic was buggy

	The expected certs must be `[CA_CERT, SERVER_CERT]` before 1.1.1g and
	`[SERVER_CERT]` after 1.1.1h.

This reverts commit 5105240b1e851410020b3b3f1a2bead7ffdd4291.

In RFC 2616:

```
   deflate
        The "zlib" format defined in RFC 1950 [31] in combination with
        the "deflate" compression mechanism described in RFC 1951 [29].
```

So "Content-Encoding: deflate" means zlib format, not raw deflate.

[Bug #11268]

Net::HTTP had used `Zlib::Inflate.new(32 + Zlib::MAX_WBITS)` for all
content encoding (deflate, zlib, and gzip).
But the argument `32 + Zlib::MAX_WBITS` means zlib and gzip decoding
with automatic header detection, so (raw) deflate compression had not
been supported.

This change makes it support raw deflate correctly by passing an
argument `-Zlib::MAX_WBITS` (which means raw deflate) to
`Zlib::Inflate.new`.  All deflate-mode tests are fixed too.

[Bug #11268]

closed server doesn't have useful info.
So call inspect before close.
And add local debug code in comment.

https://rubyci.org/logs/rubyci.s3.amazonaws.com/unstable11x/ruby-master/log/20191215T092405Z.fail.html.gz
```
  1) Failure:
IMAPTest#test_connection_closed_without_greeting [/export/home/rubyci/chkbuild-tmp/tmp/build/20191215T092405Z/ruby/test/net/imap/test_imap.rb:483]:
[Net::IMAP::Error] exception expected, not #<RuntimeError: {:e=>#<Errno::EINVAL: Invalid argument - connect(2) for [::1]:41748>, :server=>#<TCPServer:(closed)>, :port=>41748, :server_addr=>"::1"}>.
```

https://rubyci.org/logs/rubyci.s3.amazonaws.com/unstable11x/ruby-master/log/20191212T072406Z.fail.html.gz

54072e329cab7207fba133caba4fc12b45add8f9

Because the test fails under HTTP proxy settings.

https://rubyci.org/logs/rubyci.s3.amazonaws.com/solaris10-gcc/ruby-master/log/20191210T000004Z.fail.html.gz
```
  1) Failure:
TestNetHTTPS#test_get_SNI_failure [/export/home/users/chkbuild/cb-gcc/tmp/build/20191210T000004Z/ruby/test/net/http/test_https.rb:81]:
[OpenSSL::SSL::SSLError] exception expected, not #<Net::HTTPServerException: 403 "Forbidden">.
```

The new SNI feature introduced at 54072e329c may need to be improved for
HTTP proxy environment.