Describe the feature
I have noticed that Cloudflare enabled ECH by default, which camouflages the real SNI of the connection with cloudflare-ech.com (inner and outer SNI; I refer you to the official Cloudflare blog).
Check it with `dig +short rutracker.net HTTPS`
I have tested it with sing-box, which uses https://github.com/cloudflare/circl to implement ECH key generation, and Cloudflare uses this repo for its own infrastructure too.
Based on my observations with the Sing-Box app, the Application-Layer Protocol Negotiation (ALPN) should be http/1.1 or h3. I could not understand why h2 does not work!
Describe the reason for such feature
It could be helpful for circumventing the DPI systems. It requires h3 as ALPN too, along with DoH to prevent real SNI leakage in DNS queries.
The censorship systems try to censor the SNI of the WebSocket connections, but the SNI will be cloudflare-ech.com if you implement it.
Thank you for this amazing project.
My full description is available in this issue: https://github.com/net4people/bbs/issues/431#issue-2723063560
I can also provide my Wireshark traffic dump for inspection.
Describe alternatives you've considered
Maybe proxifying the whole traffic through Sing-Box with ECH enabled.
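The `dig` check in the post returns an HTTPS record whose `ech=` parameter is a base64 ECHConfigList; its `public_name` field is the name a network observer or monitoring tool sees as the cleartext outer SNI. The following is an added example, not code from the post, sing-box or circl: it decodes that field following the ECHConfigList layout in the TLS Encrypted Client Hello specification. The names `vec`, `PublicNames` and `sample` are hypothetical, the input is the already base64-decoded value, and the sample bytes are constructed.

```go
package main

import "fmt"

// vec skips `skip` fixed-size bytes of b, then splits off a vector that carries
// an n-byte big-endian length prefix (TLS presentation language, opaque<..>).
func vec(b []byte, skip, n int) (v, rest []byte, err error) {
	l := 0
	for i := skip; i < skip+n && i < len(b); i++ {
		l = l<<8 | int(b[i])
	}
	if len(b) < skip+n+l {
		return nil, nil, fmt.Errorf("truncated ECHConfigList")
	}
	return b[skip+n : skip+n+l], b[skip+n+l:], nil
}

// PublicNames returns the public_name (the cleartext outer SNI) of every
// version-0xfe0d ECHConfig in raw, the base64-decoded "ech" SvcParam value.
func PublicNames(raw []byte) (names []string, err error) {
	list, _, err := vec(raw, 0, 2)
	for err == nil && len(list) > 0 {
		hdr := list
		var c, name []byte
		if c, list, err = vec(list, 2, 2); err != nil || hdr[0] != 0xfe || hdr[1] != 0x0d {
			continue // other ECHConfig versions are skipped via their length prefix
		}
		if _, c, err = vec(c, 3, 2); err == nil { // config_id, kem_id, public_key
			_, c, err = vec(c, 0, 2) // cipher_suites
		}
		if err == nil {
			name, _, err = vec(c, 1, 1) // maximum_name_length, public_name
		}
		if err == nil {
			names = append(names, string(name))
		}
	}
	return names, err
}

// sample is a constructed ECHConfigList with an all-zero key, not a captured one.
func sample() []byte {
	b := append([]byte{0, 69, 0xfe, 0x0d, 0, 65, 7, 0, 0x20, 0, 32}, make([]byte, 32)...)
	return append(b, "\x00\x04\x00\x01\x00\x01\x00\x12cloudflare-ech.com\x00\x00"...)
}

func main() {
	fmt.Println(PublicNames(sample()))
}
```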