TLSv1.3 behaves differently in how PSK identity/PSK identity hints are
exchanged, at least in regards to OpenSSL. This caused the TLS client to
not send their TLS identity to the server, which rejected the connection
(it expected "luksrku v1"). Couldn't solve it with TLSv1.3, so we're now
simply forcing TLSv1.2.
Can now unlock a specified number of hosts as specified on the command
line (e.g., if you want a luksrku client run indefinitely) and also used
the already implemented blacklisting functionality (i.e., if an
unlocking is unsuccessful, it is retried in 120 seconds, not
immediately, as not to spam servers with illegal credentials).