mirror of
https://github.com/caddyserver/caddy.git
synced 2026-05-13 10:42:16 -04:00
Detect HTTPS interception (#1430)
* WIP: Implement HTTPS interception detection by Durumeric, et al.
Special thanks to @FiloSottile for guidance with the custom listener.
* Add {{.IsMITM}} context action and {mitm} placeholder
* Improve MITM detection heuristics for Firefox and Edge
* Add tests for MITM detection heuristics
* Improve Safari heuristics for interception detection
* Read ClientHello during first Read() instead of during Accept()
As far as I can tell, reading the ClientHello during Accept() prevents
new connections from being accepted during the read. Since Read() should
be called in its own goroutine, this keeps Accept() non-blocking.
* Clean up MITM detection handler; make possible to close connection
* Use standard lib cipher suite values when possible
* Improve Edge heuristics and test cases
* Refactor MITM checking logic; add some debug statements for now
* Fix bug in MITM heuristic tests and actual heuristic code
* Fix gofmt
* Remove debug statements; preparing for merge
@@ -321,3 +321,14 @@ func (c Context) Files(name string) ([]string, error) {
return names, nil
}
// IsMITM returns true if it seems likely that the TLS connection
// is being intercepted.
func (c Context) IsMITM() bool {
if val, ok := c.Req.Context().Value(CtxKey("mitm")).(bool); ok {
return val
}
return false
}
type CtxKey string
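Review bot: IsMITM returns false both when the stored value is false and when the "mitm" key is absent or not a bool, so a template calling {{.IsMITM}} cannot tell "checked, not intercepted" from "never checked" (the fall-through `return false` at the end of the function). If that is intended, the doc comment should say so explicitly, since operators may read false as a positive finding; otherwise consider exposing the unknown case separately. Two smaller points in the same hunk: the key is written as the literal CtxKey("mitm") at the lookup, and a named constant of type CtxKey would keep this getter and whatever code stores the value from drifting apart; and the new exported `type CtxKey string` has no doc comment explaining that it exists to namespace request-context keys.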