Description
ALPN is in the public part of the Initial packet, so it's basically transmitted in plaintext. Although it's quite fitting to use that to advertise the supported protocols, it's a bad idea in our specific use case.
Ideally, we need to use other fields in the handshake. In the meantime, we would also want to use some information to detect non-kqt QUIC traffic and pass it on to some other backend (e.g. Nginx). However, these two objectives are somewhat conflicting: to preserve the QUIC connection (no termination), we need the information to be publicly visible. But that would make traffic analysis trivial.
The middle ground is to do QUIC termination inside kqt, and send an ALPN-equivalent field as a custom extension in the encrypted part of ServerHello. The client is then responsible for avoiding connections to an incompatible server.
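To make the exposure concrete, here is an added example (not kqt's code) of how little work it takes to read the ALPN list out of a ClientHello: the same parse a demultiplexing frontend would use to route non-kqt traffic, and the same one any on-path observer can run once Initial-packet protection (derived from public values) is stripped. It assumes the ClientHello bytes are already reassembled from the CRYPTO frames; the sample message is constructed inline.

```python
import struct
from typing import Optional

ALPN_EXT = 16          # TLS extension type application_layer_protocol_negotiation
SNI_EXT = 0            # server_name, included only so the parser has something to skip


def extract_alpn(msg: bytes) -> list[str]:
    """Return the ALPN protocols advertised in a TLS ClientHello handshake message.

    `msg` is the Handshake message (type 1) as it sits in the QUIC Initial CRYPTO
    data. Only the fields needed to reach the extension block are walked.
    """
    if len(msg) < 4 or msg[0] != 1:
        raise ValueError("not a ClientHello")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ClientHello")
    off = 2 + 32                                            # legacy_version + random
    off += 1 + body[off]                                    # legacy_session_id
    off += 2 + int.from_bytes(body[off:off + 2], "big")     # cipher_suites
    off += 1 + body[off]                                    # legacy_compression_methods
    end = off + 2 + int.from_bytes(body[off:off + 2], "big")
    off += 2
    if end > len(body):
        raise ValueError("extensions block overruns message")
    while off + 4 <= end:
        etype, elen = struct.unpack(">HH", body[off:off + 4])
        data = body[off + 4:off + 4 + elen]
        off += 4 + elen
        if etype != ALPN_EXT:
            continue
        protos, p = [], 2                                   # 2-byte list length, then (len, name)*
        while p < 2 + int.from_bytes(data[:2], "big"):
            n = data[p]
            protos.append(data[p + 1:p + 1 + n].decode("ascii"))
            p += 1 + n
        return protos
    return []                                               # no ALPN extension present


def build_client_hello(alpn: Optional[list[str]]) -> bytes:
    """Construct a minimal TLS 1.3 ClientHello (sample input, not captured traffic)."""
    name = b"example.invalid"                               # constructed hostname
    sni = struct.pack(">HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack(">HH", SNI_EXT, len(sni)) + sni
    if alpn is not None:
        lst = b"".join(bytes([len(p)]) + p.encode("ascii") for p in alpn)
        data = len(lst).to_bytes(2, "big") + lst
        exts += struct.pack(">HH", ALPN_EXT, len(data)) + data
    body = (b"\x03\x03" + bytes(32) + b"\x00"              # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"            # TLS_AES_128_GCM_SHA256; null compression
            + len(exts).to_bytes(2, "big") + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body
```

Anything returned by `extract_alpn` is what the Initial packet leaks to everyone on the path, which is exactly why a kqt-specific token in ALPN is a fingerprint.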
The first step is to remove the identification in ALPN.