quic: disable sending of Version Negotiation packets

[marten-seemann]

QUIC is susceptible to Request Forgery Attacks: https://www.rfc-editor.org/rfc/rfc9000.html#name-request-forgery-with-versio

In short, the client controls both the source and the destination connection ID (both up to 255 bytes in length), which the server will echo in a Version Negotiation Packet. The client therefore is able to control byte 2 - 511 of a Version Negotiation Packet (the first bit of byte 1 is given by the wire format of the VN packet, the remaining 7 bits are chosen by random).

In a p2p setting, there's no reason to do version negotiation at all: as addresses are advertised and discovered, nothing prevents us from including the QUIC version in the advertisement. We didn't do this for draft version, as we didn't want to burn too many multiaddr code points (and the request forgery attack described above wasn't discovered yet at that point).

With QUIC becoming stable, we'll be at a point to clean this up soon: Once draft-29 is phased out of the network, we can change the definition of the quic multiaddr codepoint to mean "QUIC v1 (RFC 9000)", and disable sending of Version Negotiation packets.

Once a new version of QUIC is standardized, we'd need to define a new code point for that version.

cc @Stebalien and @aschmahmann, as we discussed this a while ago

[marten-seemann]

This has now been released in quic-go v0.22.0, so we can flip the switch any time we want.