Add covert-dtls to proxy and client
Related to #40014 and supersedes !448 (closed). I created a new MR as the old one became stale due to merge conflicts.
This MR implements mimicking and randomization of DTLS Client Hello messages using my covert-dtls library.
A discussion about deploying covert-dtls with snowflake is given in https://www.petsymposium.org/foci/2025/foci-2025-0006.pdf. Shortly summarized:
- Covert-dtls is most useful at the proxy, since the proxy is the one sending the Client Hello message in a DTLS handshake.
- Proxies with mimicking are close to baseline stability. The handshake failure rate was 18% with mimicking vs. 12% for the baseline.
- Proxies with randomization are less stable (27% handshake failure), but still comparable to the instability observed with the Chrome web extension (25%).
- We need to adopt DTLS 1.3 as browsers are using it; however, using covert-dtls can provide fingerprint resistance while we wait for Pion to implement 1.3. At the time of writing the paper, only Firefox had DTLS 1.3 enabled by default in WebRTC, but Chrome now has DTLS 1.3 by default on all platforms too.
Should we enable picking random fingerprints to mimic by default in proxies, or should we ask those who host standalone proxies to enable the flag manually?
Edited by theodorsm
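For reference, the parts of a DTLS Client Hello that a passive observer can fingerprint, and that mimicking or randomization therefore has to rewrite, are the offered version, the cipher suite list and the extension list in wire order. The parser below pulls exactly those out of one DTLS record; it is an added example written for this page, not code from covert-dtls, Pion or Snowflake, and the sample record it parses is constructed by hand rather than captured.

```python
import struct

def _vec(buf, pos, nlen):
    """Consume a TLS vector whose length prefix is nlen bytes, big-endian."""
    length = int.from_bytes(buf[pos:pos + nlen], "big")
    end = pos + nlen + length
    if pos + nlen > len(buf) or end > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[pos + nlen:end], end

def dtls_client_hello_fingerprint(record):
    """Return (version, cipher_suites, extension_types) from one DTLS record
    carrying an unfragmented ClientHello (RFC 6347 layout)."""
    # Record header, 13 bytes: type(1) version(2) epoch(2) seq(6) length(2).
    # Handshake header, 12 bytes: type(1) len(3) msg_seq(2) frag_off(3) frag_len(3).
    # 25 header bytes plus client_version(2) and random(32) must be present.
    if len(record) < 59 or record[0] != 22 or record[13] != 1:
        raise ValueError("not a DTLS handshake record carrying a ClientHello")
    body = record[25:]
    version = struct.unpack(">H", body[:2])[0]
    _, pos = _vec(body, 34, 1)        # session_id (after version + 32-byte random)
    _, pos = _vec(body, pos, 1)       # cookie, the DTLS-only field
    cs, pos = _vec(body, pos, 2)      # cipher_suites
    _, pos = _vec(body, pos, 1)       # compression_methods
    exts, pos = _vec(body, pos, 2)    # extensions
    if len(cs) % 2 or pos != len(body):
        raise ValueError("malformed ClientHello body")
    suites = list(struct.unpack(">%dH" % (len(cs) // 2), cs))
    ext_types, epos = [], 0
    while epos < len(exts):
        etype, elen = struct.unpack(">HH", exts[epos:epos + 4])  # struct.error if < 4 bytes left
        if epos + 4 + elen > len(exts):
            raise ValueError("truncated extension")
        ext_types.append(etype)
        epos += 4 + elen
    return version, suites, ext_types

def build_sample_client_hello():
    """Constructed sample (not a real capture): DTLS 1.2 ClientHello offering two
    ECDHE suites and extensions use_srtp(14), supported_groups(10), signature_algorithms(13)."""
    body = b"\xfe\xfd" + bytes(32) + b"\x00" + b"\x00"   # version, random, session_id, cookie
    body += b"\x00\x04\xc0\x2b\xc0\x2f" + b"\x01\x00"    # cipher_suites, compression (null)
    exts = (b"\x00\x0e\x00\x05\x00\x02\x00\x01\x00"      # use_srtp: SRTP_AES128_CM_HMAC_SHA1_80
            + b"\x00\x0a\x00\x04\x00\x02\x00\x1d"        # supported_groups: x25519
            + b"\x00\x0d\x00\x04\x00\x02\x04\x03")       # signature_algorithms: ecdsa_secp256r1_sha256
    body += struct.pack(">H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + b"\x00\x00" + bytes(3) + len(body).to_bytes(3, "big") + body
    return b"\x16\xfe\xfd\x00\x00" + bytes(6) + struct.pack(">H", len(hs)) + hs
```

Two proxies whose tuples differ only in suite order or extension order already look like different implementations to a fingerprinting middlebox, which is why both the order and the set matter when mimicking a browser.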