Restrict QUIC crypto algorithms, switch to Dalek for {X,Ed}25519

[ripatel-fd]

Problem

The Agave QUIC server allows a lot of QUIC-TLS protocol options that are unused.

Summary of Changes

Hardens the list of crypto algorithms imported for QUIC-TLS.
Switch QUIC server to same Curve25519 backend as transaction and shred sigverify.

Nodes running this PR can connect to and accept connections from older nodes without any config change.

• Only support TLS certs with an Ed25519 public key (remove support for RSA, ECDSA, etc)
• Only support the X25519 key exchange algorithm
• Only support TLS13_AES_128_GCM_SHA256 and TLS13_CHACHA20_POLY1305_SHA256 cipher suites
• Add custom rustls crypto provider
• Add public API for creating TLS configs for QUIC endpoints
• Use ed25519-dalek instead of ring for Ed25519
• Use x25519-dalek instead of ring for X25519

Relates to lijunwangs#3

Fixes #

[KirillLykov]

I like the boilerplate code is isolated now. The only thing is that I would like to see maybe a bit more documentation on this module side. Like:

//! This module is to use ed25519_dalek which is known to be better for this and that reason

[lijunwangs]

Need to put after dashmap to make dependency sorted.

[lijunwangs]

Can you document the compatibility tests done?

[ripatel-fd]

Can you document the compatibility tests done?

I switched Firedancer's QUIC agave compat test in the contrib directory to use this PR. Agave server->Firedancer client, and Agave client->Firedancer server connectivity worked fine.

I should probably add another test to this PR doing connectivity tests between this proposed rustls config with a custom crypto backend versus a "stock" rustls with ring cryptography.

[ripatel-fd]

I'm still busy with Firedancer work, so I can't guarantee that I can finish this PR by the end of the week. Feel free to propose changes to the PR meanwhile. If you'd like to get it merged sooner, feel free to take over the PR.