Implement keep-alive mechanism in `firezone-connection`

[thomaseizinger]

We will need a keep-alive mechanism to keep NAT mappings open even if no data is being sent. Wireguard already has this functionality.

In addition, we can patch boringtun to expose a simple getter: time_since_last_packet, similar to https://docs.rs/boringtun/latest/boringtun/noise/struct.Tunn.html#method.time_since_last_handshake.

Depending on what we set the wireguard keepalive to, checking the newly introduced getter allows us to very quickly detect connectivity problems even before wireguard itself times out (which is after 5 failed keep alives I think).

[thomaseizinger]

cc @conectado @jamilbk Let me know what you think of this idea.

[thomaseizinger]

So I looked into this and boringtun already keeps track on when we have last received a packet from the remote. We can expose that as a "last_seen" timestamp.

wireguard's keepalive is just sending an empty packet so will update the timer. So if we set the keepalive to for example 5 seconds, then we will always have a "last_seen" timestamp that is < 5 seconds old. If it is more than 5 seconds, we know that there are connectivity problems on this particular connection.

[thomaseizinger]

Upstream PR here: cloudflare/boringtun#392