quic: send correct OpenSSL alert for ALPN mismatches

[pimterry]

Currently if the QUIC server doesn't agree with any of the client's proposed protocols, it returns SSL_TLSEXT_ERR_NOACK to OpenSSL, which in normal TLS acts as "ignore ALPN". Since it's obligatory in QUIC this doesn't work - the resulting test checking this was actually receiving an internal_error alert (336n) on the wire when this happened. This does fail the connection, but it's clearly not correct.

We now return SSL_TLSEXT_ERR_ALERT_FATAL instead, which sends the proper no_application_protocol TLS alert to the client instead, as required by the RFC.

This has notably pointed out to me that we have no nice error messages in here: on the JS side, these just reference the raw error code (now 376n) with no other info. I'll bring in a general fix for error handling in another PR, watch this space.

[nodejs-github-bot]

Review requested:

• @nodejs/quic

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.04%. Comparing base (b5da751) to head (a4a20cc).
⚠️ Report is 7 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff            @@
##             main   #63193    +/-   ##
========================================
  Coverage   90.03%   90.04%            
========================================
  Files         713      713            
  Lines      224510   224926   +416     
  Branches    42438    42533    +95     
========================================
+ Hits       202148   202535   +387     
- Misses      14163    14175    +12     
- Partials     8199     8216    +17     

see 45 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.