This commit adds ability to check status of cached file descriptor to
make sure that it can be reused.  We inspect last modification time
and number of hard links.  If last modification is changed from the
last validation time, or number of hard links gets 0, we don't reuse
file descriptor.  We also capped upper limit of the cached file
descriptors.  If the limit is reached, we will close file descriptor
which is least recently used, and its usecount is 0.

This is very simple API, and it returns nonzero if session is
initialized as server.

When stream is removed from tree, stream is either closed, or its
remote flow control window is depleted.  In the latter case, we
schedule this stream as fast as possible if its remote window gets
positive, since it did not sent anything in its turn.  To achieve
this, reset last_writelen to 0 when stream is removed from tree.

When connection is dropped, we get "nonzero" error code ec in
read_socket callback.  We can just call on_error callback if ec is
nonzero.  But there is a problem when we did ordered shutdown.  In
this case, we also get EOF in ec, but we don't want to call on_error
because it is not an error.  To workaround this, we check return value
of should_stop().  If it is true, then we assume that HTTP/2 session
cleanly ended, and we don't call on_error.

To make use cache fd more robust manner (e.g. among several
connections), eviction of cached file descriptor now takes place using
timer.  The timer is started when there is no handler (no
connections).  The timeout value is hard-coded and 2 seconds.

This commit allows user to override user-agent with -H option.  We
also enabled custom header support for http/1.1 requests.  We also did
minor optimizations (std::vector::reserve).

This commits enables HTTP/2 server push from HTTP/2 backend to be
relayed to HTTP/2 frontend.  To use this feature, --http2-bridge or
--client is required.  Server push via Link header field contiues to
work.

For clients, CANCEL is more appropriate for both incoming/outgoing
streams.  For servers, CANCEL is appropriate for its pushed stream
(outgoing), but REFUSED_STREAM is more appropriate for incoming
stream.

Apply typo fixes to the original source files in the previous commit
which were done in generated text.

This is a regression when we introduced SSL/TLS session resumption in
HTTP/2 backend.  Before the introduction of session resumption,
conn_.tls.ssl is always nullptr when connection is made to proxy.  But
we have to keep conn_.tls.ssl to enable session resumption, so our
code breaks when it is reused.  This commit fixes this issue.

See GH-421

added apparmor profile

To validate actual response body length against the value declared in
content-length response header field, we first check request method.
If request method is HEAD, respose body must be 0 regardless of the
value in content-length.  nghttp2_session_upgrade() has no parameter
to indicate the request method is HEAD, so we failed to validate
response body if HEAD is used with HTTP Upgrade.  New
nghttp2_session_upgrade2() accepts new parameter to indicate that
request method is HEAD or not to fix this issue.  Although, this issue
affects client side only, we deprecate nghttp2_session_upgrade() in
favor of nghttp2_session_upgrade2() for both client and server side.

By default, we check the length of response body matches
content-length.  For HEAD request, this is not necessarily true, so we
sniff request method, and if it is HEAD, make sure that response body
length is 0.  But this does not work for HTTP Upgrade, since
nghttp2_session_upgrade() has no parameter to tell the request method
was HEAD.  This commit disables this response body length validation
for the stream upgraded by HTTP Upgrade.  We will add new version of
nghttp2_session_upgrade with the parameter to pass the request method
information so that we can handle this situation properly.