Research and relevant mitigations for ALPACA attack

[foxcpp]

Ref. https://alpaca-attack.com/

We believe it is a popular to use the same certificate for web server and mail server (e.g. #296) therefore maddy could be affected by this attack when using in such way.

We should advise against using it and/or add necessary mitigations to the code.

• [ ] Implement ALPN and require strict matching when negotiated (IMAP, there is no standard value for SMTP but negative check might be possible).
• [x] Discard SMTP connections if commands look like HTTP requests.
• [ ] Discard IMAP connections if commands look like HTTP requests.
• [ ] Add recommendation in the documentation covering this problem.

[foxcpp]

On point 2: go-smtp terminates the connection after just 3 protocol errors, this is enough to terminate connection if any HTTP request is misdirected to the server.