esp_mqtt_client over mqtts:// fails in mbedtls_ssl_setup with -0x008D on IDF v6.2-dev (mbedTLS 4.1.0) but works on v6.0

[ArtJazd]

Environment
- ESP-IDF: v6.2 development head (`v6.1-dev-5706-ga602e67b0b`)
- mbedTLS: 4.1.0 (bundled)
- Working baseline: ESP-IDF v6.0.1 (mbedTLS 4.0.0)
- Target: ESP32-S3
- Using `esp_mqtt_client` with `MQTT_PROTOCOL_V_5` and mTLS

Description
When using `esp_mqtt_client` with a `mqtts://` URI and a valid ECDSA client certificate + private key, `esp_mqtt_client_init()` succeeds but `mbedtls_ssl_setup` inside `esp_tls` returns `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` (`-0x008D`). No TCP connection is ever attempted (confirmed with tcpdump on the broker host — 0 packets).

The same code and certificates work correctly on the stable v6.0.1 branch.

Minimal reproduction
- Use `esp_mqtt_client_config_t` with:
- `.broker.address.uri = "mqtts://..."`
- `.broker.verification.certificate` + `.certificate_len` (public ISRG Root X1 or custom chain, length + 1)
- `.credentials.authentication.certificate` / `.key` (valid EC P-256 client cert + key, lengths + 1)
- `.session.protocol_ver = MQTT_PROTOCOL_V_5`
- Call `esp_mqtt_client_init()` then `esp_mqtt_client_start()`
- Result: `create_ssl_handle` fails with `-0x008D` before any network activity

What was ruled out
- Client private key / certificate validity (`mbedtls_pk_parse_key`, `verify_cert_pair` both succeed)
- Server CA chain parsing (`mbedtls_x509_crt_parse` returns 0)
- Network / Docker / broker reachability (`ncat --ssl` succeeds; tcpdump shows zero packets from device)
- Missing verification options (using public CA + `skip_cert_common_name_check = true` still fails)

Expected behavior
`esp_mqtt_client` should establish the mTLS connection on the v6.2 dev head the same way it does on v6.0.1.

Additional information
- Downgrading from the v6.2 dev head to v6.0.1 immediately resolves the issue with no code changes.
- The regression appears between mbedTLS 4.0.0 → 4.1.0 in the context of `esp_mqtt_client` + ECDSA client auth.