Initially, TLS endpoints started as a secure option for local endpoints (so fully encrypted connection even between local proxy - like nginx) that can be exposed (because of encryption and shared, static port). It seems unnecessarily complex to have wormhole listen on both TLS and dynamic ports opened for each session (so right now always 2 endpoints for each session).

@doodles526 I think we should make it either/or. I know we talked about having a support for both initially, but that constraint is gone. We could just make UseSharedPortForwarding turn off local endpoints. Thoughts?