feat: support DNS Stamp upstream format

[0xERR0R]

closes #1284

[codecov]

Codecov Report

❌ Patch coverage is 75.86207% with 28 lines in your changes missing coverage. Please review.
✅ Project coverage is 90.89%. Comparing base (acbf953) to head (2e478e8).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
config/upstream.go	76.47%	12 Missing and 4 partials ⚠️
resolver/upstream_resolver.go	73.33%	5 Missing and 3 partials ⚠️
resolver/caching_resolver.go	50.00%	1 Missing ⚠️
resolver/conditional_upstream_resolver.go	0.00%	1 Missing ⚠️
resolver/query_logging_resolver.go	0.00%	1 Missing ⚠️
resolver/sudn_resolver.go	50.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1922      +/-   ##
==========================================
+ Coverage   90.80%   90.89%   +0.09%     
==========================================
  Files          92       92              
  Lines        7012     7071      +59     
==========================================
+ Hits         6367     6427      +60     
- Misses        479      481       +2     
+ Partials      166      163       -3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull Request Overview

This PR adds support for DNS Stamp format (sdns://...) for upstream DNS server configuration, including optional certificate pinning functionality. DNS Stamps provide a compact, standardized way to encode DNS server parameters following the IETF draft specification.

Key Changes:

• DNS Stamp parsing support for Plain DNS, DoH, and DoT protocols
• Certificate pinning implementation using SHA256 fingerprints from DNS stamps
• Comprehensive test coverage for stamp parsing and certificate validation

Reviewed Changes

Copilot reviewed 14 out of 15 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
config/upstream.go	Adds DNS stamp parsing logic with protocol mapping and certificate fingerprint extraction
config/upstream_test.go	Comprehensive test coverage for DNS stamp parsing, validation, and backward compatibility
resolver/upstream_resolver.go	Implements certificate pinning verifier with constant-time comparison for security
resolver/upstream_resolver_test.go	Tests for certificate pinning validation across various scenarios
e2e/helper.go	Helper functions for generating DNS stamps and extracting container IPs in e2e tests
e2e/upstream_test.go	End-to-end tests validating DNS stamp functionality with actual DNS queries
config/config_test.go	Configuration loading tests for DNS stamp integration
docs/configuration.md	User documentation explaining DNS stamps, certificate pinning, and trade-offs
docs/config.yml	Example configuration showing DNS stamp usage
go.mod/go.sum	Adds go-dnsstamps dependency for DNS stamp parsing
.golangci.yml	Disables line-length linter for test files
Various test files	Removes redundant //nolint:lll comments after linter configuration change

Comments suppressed due to low confidence (1)

go.mod:3

• Go version 1.25 does not exist. As of January 2025, the latest Go version is 1.23.x. This should be changed to a valid Go version like go 1.23 or the minimum supported version for this project.

go 1.25

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.