* fix#2227
Instead of returning an error from Accept(), force the caller to process
errors from trying to read and parse the PROXY protocol.
The advantage here is that we don't have to rely on (net.Error).Temporary
or incur timed backoff from net/http when hitting these errors. However,
we still risk stalling processing of new incoming connections if someone
opens a connection to the proxy listener and doesn't send anything.
This is hard to fix while maintaining the net.Listener abstraction in
cooperation with http.Server.
* reduce proxy deadline to 5 seconds
Tor listeners should never see an STS cap.
Add an undocumented 'hide-sts' key for listeners that hides the STS cap.
This can be used if the listener is secured at layer 3 or 4 (VPNs,
E2E mixnets). It will be necessary to add the relevant IPs to `secure-nets`.
