Make sure we close the data channel and peer connection created for our
NAT check, regardless of the outcome.

For the chrome://extensions page.

Fixes #33

This used to be required for Chrome and Firefox to interoperate a long
time but is deprecated and being removed,
https://bugs.chromium.org/p/chromium/issues/detail?id=804275

Chrome was complaining,
"The constraint "DtlsSrtpKeyAgreement" will be removed. You have
specified a "true" value for this constraint, which has no effect, but
you can remove this constraint for tidiness."

It's still the case that torproject.net can be blocked on residential or
public networks, so we're going with the safer freehaven.net domain.

`window` isn't defined in service workers

They've been removed,
https://www.chromestatus.com/feature/6485681910054912

Chrome was raising a warning,
"RTP data channels are no longer supported. The "RtpDataChannels"
constraint is currently ignored, and may cause an error at a later
date."

Addresses vulns in subdependencies that `npm audit` was complaining
about,
https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw

It looks like there have been several browser security improvements to
prevent CSRF attacks. Chrome and Firefox now require cross-site cookies
to have the secure and samesite attributes set.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#samesite_attribute
https://www.chromium.org/updates/same-site

This clients variable was never updated. The actual counter of clients is the
length of Snowflake.proxyPairs, wich is used in other places to check that we
are not exceeding the maximum number of clients.

Client number is rounded down to 8. Currently the webextension doesn't
support more than one client, and the client counter is actually never
updated internally. So this code effectively always returns 0.

Related to snowflake#40048

From https://github.com/advisories/GHSA-6fc8-4gx4-v693

Only affects ws servers, which aren't used here so a release isn't
necessary.

The breaking changes between major versions 3 - 5 seem fine.

For https://github.com/advisories/GHSA-ww39-953v-wcq6

Only affects a dev dependency.

There's a low severity vuln in one of cldr's deps that needs updating.
The major version bump of cldr is because it drops support for node.js
v8, which is EOL.

The dependencies are packages used in the shim while the node version of
the proxy is running.  cldr is only used when running the build script.

This was done with `npm i cldr --save-dev`

Part of #7

On the next line 'en_US' is pushed unconditionally.

Part of #12

We can always remove this if transifex is ever updated to stop producing
these unnecessary translations.

This consolidates it from either a Set or an object literal to just a
Map in all cases.

Fixes #21

This fixes two bugs in the NAT update process:
- one bug wasn't updating the NAT type we advertize to the broker
- one bug passed an already evaluated function to setTimeout

Only set the NAT type to restricted after we fail to connect to a
restricted client 3 times in a row.

If a previous NAT check has succeeded and we fail to contact the probe
server, do not set the NAT type to unknown. Most proxies will probably
not change their NAT type frequently, so this will prevent an outage of
the probe service from wiping out our unrestricted proxy pool.

Fixes #18