QUIC grease bit support; bug fixes

• [FEATURE] Implement the "QUIC bit grease" extension.
• [BUGFIX] Selecting CID used for logging on client.
• [BUGFIX] Header protection assertion.
• [BUGFIX] Server: enable SSL key logging when cert lookup callback is not set.
• Remove some dead code.

API and doc cleanup; minor bug fixes

• [API] Rename "0-RTT" to "session resumption." In IETF QUIC, "0-RTT" always refers to early data, meaning a request that the server can reply to in the very first return flight. A more appropriate name for what we support on the client site is "session resumption," which is standard TLS terminology. Later, when we add support for 0-RTT (early data), we can use the 0-RTT terminology again, this time in proper context.
• [BUGFIX] Do not set certificate callback if ea_lookup_cert is NULL.
• [BUGFIX] Make connection tickable when it's marked as closed.
• [BUGFIX] Fail certificate lookup if SNI is not present in HTTP mode.
• Several documentation fixes and improvements.
• Minor code cleanup.

Bug fix and optimizations

• [BUGFIX] Infinite loop in stream: advance read offset when discarding data.
• [OPTIMIZATION] Header protection: only initialize cipher once.
• [OPTIMIZATION] Batch header protection application.

Support Internet Draft 29; bug fixes

• [FEATURE] QUIC and HTTP/3 Internet Draft 29 support.
• [BUGFIX] Check that scheduled packets are also sendable when calculating a connection's "tickable" property.
• [BUGFIX] Don't count scheduled packets as in-flight when pacer is checked on tick.
• gQUIC: delay calling on_new for pushed stream until headers are available.
• Allow nested calls to lsquic_engine_connect().

Bugfix release: early data regression

• [BUGFIX] Early data: call new BoringSSL function to set context.

Bugfix release; stash reordered packets

• [OPTIMIZATION] Stash up to two reordered packets in IETF mini conn instead of dropping them.
• [BUGFIX] Crash: check decrypt context before using it. This regression was introduced in 2.16.2.

Bugfix release

• [BUGFIX] Crash: check decrypt context before using it. This regression was introduced in 2.12.5.

Bug fixes; newer BoringSSL

• [BUGFIX] ID-28: do not use TLS middlebox compatibility mode in ClientHello. This change requires using a newer version of BoringSSL.
• [BUGFIX] Free connections in Advisory Tick Time Queue in engine dtor.
• [BUGFIX] IETF QUIC client: narrow migration check to a single path.
• [BUGFIX] NULL dereference: set function pointers for alarm for path challenges 2 and 3.
• [BUGFIX] HTTP/3 headers may be followed immediately by trailers.
• [BUGFIX] Log messages when SCID changes.

Bug fixes; updated BoringSSL

• [BUGFIX] ID-28: do not use TLS middlebox compatibility mode in ClientHello. This change requires using a newer version of BoringSSL.
• [BUGFIX] Free connections in Advisory Tick Time Queue in engine dtor.
• [BUGFIX] HTTP/3 headers may be followed immediately by trailers.
• [BUGFIX] Log messages when SCID changes.

No-progress timeout; several bug fixes

• [FEATURE] Use "no-progress timeout" after which connection is closed.
• [BUGFIX] Select new SCID when current SCID is retired.
• [BUGFIX] Don't warn about dropped Initial packet sequence gaps during mini/full handoff.
• [BUGFIX] Send correct conn error when HTTP/3 frame is truncated.
• [BUGFIX] Mini conn: consider amplification when deciding to return TICK_SEND.
• [BUGFIX] Don't double-count tag length in amplification logic.
• [BUGFIX] Don't squeeze out lone path challenges.
• [BUGFIX] Log messages dealing with scheduled packet queue squeezing.
• [BUGFIX] don't wipe current path if no path challenge responses come back.
• [BUGFIX] When path is reset, don't lose path_id which is used for logging.
• Downgrade flow control violations to info log level from warnings.
• Fix connection cap extra check, avoid checks in nested calls.
• Fix some unit tests when extra checks are enabled.
• Use ls-hpack 2.2.1.
• Turn off unconditional extra checks for IETF clients.
• Extra checks: don't verify sent size of hello packets. Client changes DCID length and this check will fail.