fix(net): Avoid some self-connection nonce removal attacks

[teor2345]

Motivation

We want Zebra to continue to reject self-connections, even if a malicious peer replays one of our nonces.

Fixes #6339

Complex Code or Requirements

This code changes concurrent futures with futures-based mutex locking.
The amount of work done in the critical sections is small.

Solution

• Check for duplicate nonces from our internal random number generator
• Stop removing remote nonces after the first attempt that uses them: all attempts should be rejected
• Add a test that checks that self-connections fail

Manual Testing

I ran:

cd zebra-network
RUST_LOG=info cargo test -- --nocapture self_connections_should_fail

And got these logs:

...
2023-04-19T02:36:56.524554Z  INFO crawl_and_dial{new_peer_interval=1s}: starting the peer address crawler crawl_new_peer_interval=1s outbound_connections=0
2023-04-19T02:36:56.525989Z  INFO accept_inbound_connections{min_inbound_peer_connection_interval=1s listener_addr=Ok(127.0.0.1:39689)}:listen_accept{peer=In("127.0.0.1:39760")}: rejecting self-connection attempt connected_addr=In("127.0.0.1:39760")
2023-04-19T02:36:56.526043Z  INFO accept_inbound_connections{min_inbound_peer_connection_interval=1s listener_addr=Ok(127.0.0.1:39689)}:listen_accept{peer=In("127.0.0.1:39760")}: rejecting self-connection attempt connected_addr=Out("127.0.0.1:39689")
...

This shows that both sides of a self-connection reject that connection with a nonce reuse error.

Review

This is a routine audit fix.

Reviewer Checklist

• Will the PR name make sense to users?
  • Does it need extra CHANGELOG info? (new features, breaking changes, large changes)
• Are the PR labels correct?
• Does the code do what the ticket and PR says?
  • Does it change concurrent code, unsafe code, or consensus rules?
• How do you know it works? Does it have tests?

Follow Up

Add more unit tests:

• self-connections fail specifically because of a nonce rejection error
• multiple self-connections with the same nonce fail

These tests are complicated, so I don't think they are worth the effort to do now.

[codecov]

Codecov Report

Merging #6410 (2325311) into main (7681da3) will decrease coverage by 0.01%.
The diff coverage is 45.45%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6410      +/-   ##
==========================================
- Coverage   77.72%   77.71%   -0.01%     
==========================================
  Files         307      307              
  Lines       40282    40283       +1     
==========================================
- Hits        31310    31307       -3     
- Misses       8972     8976       +4     

[oxarbitrage]

Looks good to me, i made a few optional documentation suggestions.