Pad the first 5 frames to mitigate encapsulated TLS handshakes detection

[cbeuw]

Xue et al. pointed out the problem of encapsulated TLS handshakes in Fingerprinting Obfuscated Proxy Traffic
with Encapsulated TLS Handshakes, whereby censors can look at the size and direction of the first few TCP packets to detect whether a TLS-in-TLS handshake is happening, indicating proxied TLS traffic. We pad the first few frames on a stream opening (up to 239 bytes) to mitigate this.

Yet, we show that simple random padding schemes
drawing padding sizes from limited ranges (e.g., vmess: [0,
63]), while increasing the challenge, doesn’t render detec-
tion infeasible (TPR: 0.859 → 0.687 for vmess-ws-tls after
padding).

[notsure2]

@cbeuw how about also half duplex with multiplex and without (like softether)

[cbeuw]

@notsure2 I've opened an issue #284

[codecov]

Codecov Report

Attention: Patch coverage is 84.21053% with 3 lines in your changes missing coverage. Please review.

Project coverage is 62.58%. Comparing base (19c8cd1) to head (8bbc7b0).
Report is 3 commits behind head on master.

Files with missing lines	Patch %	Lines
internal/multiplex/obfs.go	83.33%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #283      +/-   ##
==========================================
- Coverage   62.75%   62.58%   -0.18%     
==========================================
  Files          38       38              
  Lines        3182     3167      -15     
==========================================
- Hits         1997     1982      -15     
+ Misses       1010     1008       -2     
- Partials      175      177       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.