Fix another return 0 bug in SSL_shutdown()

Fix another return 0 bug in SSL_shutdown()

If tls13_recod_layer_send_pending() returns TLS13_IO_EOF, we will
bubble this up to the caller via tls13_legacy_return_code(), which
translates TLS13_IO_EOF to 0. This can happen if we have pending
post handshake-handshake data and the peer closes the pipe.

Presumably tls13_legacy_shutdown() should be rewritten yet again.

ok jsing