Fix condition checking for Initial packet

The code previously determined whether a packet was an Initial packet by looking at its type value, without first checking it was not a Version Negotiation packet. In the case of a Version Negotiation packet, reading the type value returned the random value in the Unused field. This occasionally caused Version Negotiation packets to be misinterpreted as Initial packets. When this happened, ngtcp2_conn_read_pkt() returned NGTCP2_ERR_DRAINING instead of NGTCP2_ERR_RECV_VERSION_NEGOTIATION.

Return dest->len from ngtcp2_pkt_decode_padding_frame

Add comment to clarify len in pkt_decode_version_cid

Refs: https://github.com/ngtcp2/ngtcp2/issues/191

Require token if the first packet is lost or reordered in order to
buffer the data coming from validated client only.

Add generated certificates to .gitignore

Introduce put_uint16_varint function

Remove unnecessary callback comments

Remove unused chrono include from debug.h

Replace goto in create_ssl_ctx with exit

This commit adds a static function named put_uint16_varint to reduce
some code duplication when putting some transport parameters.

chrono is used by generate_token and verify_token and was previously
indirectly via debug.h.

This commit updates the server's create_ssl_ctx use exit(EXIT_FAILURE)
instead of using a goto label.

The motivation of this is to be consistent with create_ssl_ctx in
client.cc.

Use TLS_client_method and TLS_server_method

Use ngtcp2_conn_state as type for state field

When compiling with the flag -Wswitch-enum there are a number of
warnings like the following:
ngtcp2_conn.c:7960:11: warning:
7 enumeration values not handled in switch:
  'NGTCP2_CS_CLIENT_INITIAL',
  'NGTCP2_CS_CLIENT_WAIT_HANDSHAKE',
  'NGTCP2_CS_CLIENT_TLS_HANDSHAKE_FAILED'... [-Wswitch]
  switch (conn->state) {

This commit adds a default clause to avoid this as they are reported as
errors on the CI server and failing the build.

This commit changes the TLS_method() used by the client and server to
use more specific TLS_client_method() and TLS_server_method().

The main difference between these two are ossl_statem_accept is
undefined for the client, and ossl_statem_connect is undefined for the
server:

IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
                        TLS_server_method,
                        ossl_statem_accept,
                        ssl_undefined_function, TLSv1_2_enc_data)

IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
                        TLS_client_method,
                        ssl_undefined_function,
                        ossl_statem_connect, TLSv1_2_enc_data)

ossl_statem_accept and ossl_statem_connect are defined like this:

int ossl_statem_accept(SSL *s) {
    return state_machine(s, 1);
}
int ossl_statem_connect(SSL *s) {
    return state_machine(s, 0);
}

So they are both calling state_machine but with setting the server
parameter to 1 and 0 (for the client).

The functions ossl_statem_accept and ossl_statem_connect are only usedin
ssl/statem/statem_lib.c as far as I can tell. The tls_finish_handshake
function has the following if statement:

if (s->server) {
  ...
  s->handshake_func = ossl_statem_accept;
} else {
  ...
  s->handshake_func = ossl_statem_connect;
}

So for a server, s->handshake_func would be ossl_statem_accept which just
calls state_machine(s, 1), and or a client it would be
ossl_statem_connect which calls state_machine(s, 0).

So it looks like setting both, as in using TLS_method(), is not
neccessary and it should be safe to use TLS_client_method(),
TLS_server_method() instead.

Move template.h into server.cc

Add Wireshark configuration steps

This commit suggests updating ngtcp2_conn's state field to be of type
ngtcp2_conn_state instead of type int.