Rebase on Go 1.22.0

[Lekensteyn]

Changes:

• Update GitHub action from actions/checkout@v3 to actions/checkout@v4, no functional change.
• Fix conflict in src/go.mod, src/go.sum, and src/vendor/modules.txt due to CIRCL, updated golang.org/x/crypto/blake2b and golang.org/x/crypto/blake2s vendor since Go 1.22.0 bumped golang.org/x/crypto.
• Updated CIRCL to silence a dependabot check about kyberslash2 (https://github.com/cloudflare/go/security/dependabot/24). TLS usage is not affected, so the report is bogus. However, to please the check I bumped it anyway. This updates to the current CIRCL main branch with Reduce x/crypto and x/sys versions to match Go 1.21 circl#476 to avoid needless vendoring conflicts.

git range-diff go1.21.5..34129e4704 go1.22.0..8def165034 # go1.21.5..bas/1.21.5 go1.22.0..pwu/cf-1.22.0

git range-diff output with some vendor output truncated (before the circl update)

 1:  8226a06d32 =  1:  5f4205bb70 Add README (#158)
 2:  5578e3a0ab <  -:  ---------- VERSION: add cf tag
 -:  ---------- >  2:  8319b89c47 VERSION: add cf tag
 3:  cda891119f =  3:  3aca8964f3 cmd/go/internal/imports, go/build: add cfgo build tag
 4:  d3eeea3d6e !  4:  09d2fa0fef .github: add docker-compose.yaml and GitHub Action for CI
    @@ .github/workflows/test.yml (new)
     +  test:
     +    runs-on: ubuntu-latest
     +    steps:
    -+      - uses: actions/checkout@v3
    ++      - uses: actions/checkout@v4
     +      - name: Run tests
     +        run: ./all.bash
     +        working-directory: src
 5:  73d852fcbc <  -:  ---------- .github: replace upstream templates and CODE_OF_CONDUCT.md
 -:  ---------- >  5:  aa3baed4f4 .github: replace upstream templates and CODE_OF_CONDUCT.md
 6:  420b980896 =  6:  f70a6923de cmd/api: ignore CF-specific API changes
 7:  b94b89b8bd =  7:  32fb8eea5e go/build: don't check dependencies of vendored circl library
 8:  df6d044139 =  8:  848000bdf3 crypto/tls: expose inter-handshake timing via CFEventHandlerContextKey
 9:  c77a36be91 !  9:  55f53b8a7a crypto/tls: Add hybrid post-quantum key agreements
      ## src/go.mod ##
     @@ src/go.mod: module std
    - go 1.21
    + go 1.22
      
      require (
     +	github.com/cloudflare/circl v1.3.3
    - 	golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d
    - 	golang.org/x/net v0.12.1-0.20231027154334-5ca955b1789c
    + 	golang.org/x/crypto v0.16.1-0.20231129163542-152cdb1503eb
    + 	golang.org/x/net v0.19.0
      )
     
      ## src/go.sum ##
     @@
     +github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
     +github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
    - golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d h1:LiA25/KWKuXfIq5pMIBq1s5hz3HQxhJJSu/SUGlD+SM=
    - golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
    - golang.org/x/net v0.12.1-0.20231027154334-5ca955b1789c h1:d+VvAxu4S13DWtf73R5eY//VaCk3aUcVdyYjM1SX7zw=
    + golang.org/x/crypto v0.16.1-0.20231129163542-152cdb1503eb h1:1ceSY7sk6sJuiDREHpfyrqDnDljsLfEP2GuTClhBBfI=
    + golang.org/x/crypto v0.16.1-0.20231129163542-152cdb1503eb/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
    + golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
     @@
    @@ src/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go (new)
<snip>
    @@ src/vendor/golang.org/x/crypto/blake2s/blake2s_386.go (new)
<snip>
    @@ src/vendor/modules.txt
     +github.com/cloudflare/circl/pke/kyber/kyber768/internal
     +github.com/cloudflare/circl/simd/keccakf1600
     +github.com/cloudflare/circl/xof
    - # golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d
    - ## explicit; go 1.17
    + # golang.org/x/crypto v0.16.1-0.20231129163542-152cdb1503eb
    + ## explicit; go 1.18
     +golang.org/x/crypto/blake2b
     +golang.org/x/crypto/blake2s
      golang.org/x/crypto/chacha20
10:  dc1c0c79b9 ! 10:  a8712834ab crypto: add support for CIRCL signature schemes
    @@ src/vendor/modules.txt: github.com/cloudflare/circl/pke/kyber/kyber512
     +github.com/cloudflare/circl/sign/schemes
      github.com/cloudflare/circl/simd/keccakf1600
      github.com/cloudflare/circl/xof
    - # golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d
    + # golang.org/x/crypto v0.16.1-0.20231129163542-152cdb1503eb
11:  6a50b3d42a = 11:  df62efe56f crypto/tls: implement draft-ietf-tls-subcerts-10
12:  1387f2ccff = 12:  c7d7d4bee8 crypto/tls: implement draft-ietf-tls-esni-13
13:  e1775667b4 = 13:  e5ba58a32b Set GOTOOLCHAIN to local to prevent auto-download of new Go
14:  5ce4b7fcaa = 14:  577a31eea2 Add tls.Config.ClientCurveGuess to allow specifying which keyshares to send
15:  85849707b8 = 15:  6d3a8157c4 Use server's preferred key agreement
16:  34129e4704 = 16:  8def165034 Add dummy key agreement with codepoint 0xfe33 (#162)

[bwesterb]

Thanks Peter. Let's bump circl if it's effortless — otherwise don't bother.

[Lekensteyn]

I updated CIRCL from v1.3.3 to v1.3.8-0.20240208083452-454cfdc0f6c7 in the three commits that vendor parts of circl:

$ git log --oneline go1.22.0..gh/cf vendor/github.com/cloudflare
1387f2ccff crypto/tls: implement draft-ietf-tls-esni-13
dc1c0c79b9 crypto: add support for CIRCL signature schemes
c77a36be91 crypto/tls: Add hybrid post-quantum key agreements

using

go get github.com/cloudflare/circl@454cfdc0f6c759ffa5a57e5cc2da8286a7805a54 && go mod tidy && go mod vendor && go mod tidy && echo ok

No other changes were done. Ready for final review.

[bwesterb]

No other changes were done. Ready for final review.

lgtm