Move MTU setting to SSL context, not config

This setting belongs to the individual connection, not to a configuration
shared by many connections. (If a default value is desired, that can be handled
by the application code that calls mbedtls_ssl_set_mtu().)

There are at least two ways in which this matters:
- per-connection settings can be adjusted if MTU estimates become available
  during the lifetime of the connection
- it is at least conceivable that a server might recognize restricted clients
  based on range of IPs and immediately set a lower MTU for them. This is much
easier to do with a per-connection setting than by maintaining multiple
near-duplicated ssl_config objects that differ only by the MTU setting.
diff --git a/ChangeLog b/ChangeLog
index bab69f6..a95cc6c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,7 +3,10 @@
 = mbed TLS x.x.x branch released xxxx-xx-xx
 
 Features
-   * Add support for fragmentation of outoing DTLS handshake messages.
+   * Add support for fragmentation of outgoing DTLS handshake messages. This
+     is controlled by the maximum fragment length as set locally or negotiated
+     with the peer, as well as new per-connection MTU option, set using
+     mbedtls_ssl_set_mtu().
 
 Bugfix
    * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if