It needs to cause the function to return (previously the "break" was
only breaking out of the select statement, not the for loop) and not
call closeWithErr (because the connection is already closed).

writePacket cannot be called concurrently per net.Conn, because it may
interleave writes. So store a mutex along with each net.Conn in connMap,
and use it to lock calls to writePacket.

non-net.Errors should not be treated as temporary errors.

				before		after
				------		-----
net.Error	Temporary	continue	continue
net.Error	!Temporary	fatal		fatal
not net.Error	*		continue	fatal

The old behavior closed the connection on handshake failure after:
 * The first N bytes (random on a per-server basis).
 * The first M seconds (random on a per-server basis).

Whichever came first.  As Sergey Frolov kindly points out, depending on
which conditions cause termination, the server will send either a FIN or
a RST.  This change will remove the "amount read" based termination
threshold, so that connections that cause failed handshakes will discard
all data received until the teardown time is reached.

Thanks to Sergey Frolov for bringing this issue to my attention.

 * Bump the module import to a new tag
 * Bump the rest of the dependencies while I'm here
 * Add some new fingerprints from upstream
 * Disable my fork's AES timing sidechannel defenses

Upstream fixed a bug, so use a tag that has the important parts
cherry-picked.

This should give me more time before I need to update this.

Mostly since the built-in pins will likely become invalid once the
certificates I used to generate them start to expire.

HPKP is effectively dead as far as a standard goes, but the idea has
merit in certain use cases, this being one of them.

As a TLS MITM essentially will strip whatever obfuscation that the
transport may provide, the digests of the SubjectPublicKeyInfo fields
of the Tor Browser Azure meek host are now hardcoded.

The behavior can be disabled by passing `disableHPKP=true` on the bridge
line, for cases where comaptibility is prefered over security.

Changes:
 * Use a fork of utls with some compatibility improvements.
 * Switch the default ClientHello profile to `HelloFirefox_Auto`.
 * Add the `HelloChrome_71` profile.

The existing `HelloFirefox_Auto` profile that points to
`HelloFirefox_63` also matches the (common) behavior of Firefox 65,
assuming that 3DES ciphersuites are not disabled.

Fix `getDialTLSAddr` to always return a integer port.  Thanks to dcf for
reporting the issue.

Per dcf:
> As for the TODO, my plan was was to expose a "utls" SOCKS arg
> to make it configurable per bridge, and just reuse the utls
> Client Hello ID names:
>	utls=HelloChrome_Auto

This adds support for all currently supported utls ClientHello IDs
with the following caveats/differences:

 * `none` - Disables using utls entirely, forces `crypto/tls`.
 * `HelloGolang` - Alias of `none`, since using utls is pointless.
 * `HelloCustom` - Omitted as pointless.

There's still some interesting oddities depending on remote server and
what fingerprint is chosen, but I can watch videos online with the
chosen settings and the TBB Azure bridge.

Note: Despite what people are claiming in the Tor Browser bug tracker
it isn't all that hard to use the built in http client with utls.  And
yes, the `transport.go` code does negotiate correctly in a standalone
test case (apart from compatibility related oddities).

 * Properly close the response body on HTTP error.
 * Cleanup close signaling.
 * Write() should return faster on closed connections.

Thanks to @SudoHenk on github for pointing out the issue long ago.

Mostly but not entirely discarding error return values of things that
can not possibly fail despite the API returning errors.

This is to silence some of the static analysis tools used in
development.  Despite `http.Client` and `http.Transport` being
suggested as an alternative, there is no way to accomplish current
functionality with either suggested replacement.

See: https://github.com/golang/go/issues/8285

This commit changes the upstream repo location to:
  https://gitlab.com/yawning/obfs4.git

Additionally all the non-`main` sub-packages now have an import
comment annotation.  As a matter of courtesy, I will continue to
push to both the existing github.com and git.torproject.org repos
for the foreseeable future, though I reserve the right to stop
doing so at any time.