This commit separates key installation function into 2 and let TLS
stack install rx and tx keys separately for handshake and 1RTT keys.
This change is aligned to the new BoringSSL API and GnuTLS API.  I
expect that OpenSSL will follow this change.  It also removes side
argument from crypto API if it can be inferred by
ngtcp2_conn_is_server.

crypto: fix a couple of typos in the documentation

crypto: add GnuTLS backend

This adds a crypto backend based on GnuTLS.  While most of the
gnutls_* functions used in this backend are officially available in
upstream GnuTLS, the following functions are only available in the
'tmp-quic' branch, for ABI assurance reasons until the QUIC standard
is finalized:
- gnutls_handshake_write
- gnutls_quic_get_peer_transport_params

Signed-off-by: Daiki Ueno <dueno@redhat.com>
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Fixes #224

This reverts commit 48ba0b8d.

This commit adds special handling for the very first Initial packet
which is corrupted and discarded.  If server receives such packet, it
has to drop connection silently without sending any CONNECTION_CLOSE.
Then valid packet might come later.  Keeping connection state is
harmful because corrupted packet has wrong SCID, which drops later
valid packet because mismatched SCID.  New error code
NGTCP2_ERR_DROP_CONN is added which tells server application to drop
connection silently.

Use longer timeout because packet loss rate is incredibly high (30%).

Clarify the behaviour of ngtcp2_conN-writev_stream with
NGTCP2_WRITE_STREAM_FLAG_MORE.

Remove handling of NETWORK_ERR_SEND_BLOCKED in example server

Fix typo

The example server uses sendmsg() in blocking mode and NETWORK_ERR_SEND_BLOCKED is never returned as an error.

Remove conn and user_data from encrypt/decrypt/hp_mask callbacks so
that they can be used without conn.

Bring back the processing of Handshake packets.  Doing so can reset
idle timer and reset PTO count which is useful to deal with packet
loss during handshake.