[server] Add health check HTTP endpoint for Relay server (#4297)

The health check endpoint listens on a dedicated HTTP server.
By default, it is available at 0.0.0.0:9000/health. This can be configured using the --health-listen-address flag.

The results are cached for 3 seconds to avoid excessive calls.

The health check performs the following:

Checks the number of active listeners.
Validates each listener via WebSocket and QUIC dials, including TLS certificate verification.

shared/relay/tls/alpn.go

@@ -1,3 +1,3 @@
 package tls
 
-const nbalpn = "nb-quic"
+const NBalpn = "nb-quic"

shared/relay/tls/client_dev.go

@@ -20,7 +20,7 @@ func ClientQUICTLSConfig() *tls.Config {
 
 	return &tls.Config{
 		InsecureSkipVerify: true,             // Debug mode allows insecure connections
-		NextProtos:         []string{nbalpn}, // Ensure this matches the server's ALPN
+		NextProtos:         []string{NBalpn}, // Ensure this matches the server's ALPN
 		RootCAs:            certPool,
 	}
 }

shared/relay/tls/client_prod.go

@@ -19,7 +19,7 @@ func ClientQUICTLSConfig() *tls.Config {
 	}
 
 	return &tls.Config{
-		NextProtos: []string{nbalpn},
+		NextProtos: []string{NBalpn},
 		RootCAs:    certPool,
 	}
 }

shared/relay/tls/server_dev.go

@@ -23,7 +23,7 @@ func ServerQUICTLSConfig(originTLSCfg *tls.Config) (*tls.Config, error) {
 	}
 
 	cfg := originTLSCfg.Clone()
-	cfg.NextProtos = []string{nbalpn}
+	cfg.NextProtos = []string{NBalpn}
 	return cfg, nil
 }
 
@@ -74,6 +74,6 @@ func generateTestTLSConfig() (*tls.Config, error) {
 
 	return &tls.Config{
 		Certificates: []tls.Certificate{tlsCert},
-		NextProtos:   []string{nbalpn},
+		NextProtos:   []string{NBalpn},
 	}, nil
 }

shared/relay/tls/server_prod.go

@@ -12,6 +12,6 @@ func ServerQUICTLSConfig(originTLSCfg *tls.Config) (*tls.Config, error) {
 		return nil, fmt.Errorf("valid TLS config is required for QUIC listener")
 	}
 	cfg := originTLSCfg.Clone()
-	cfg.NextProtos = []string{nbalpn}
+	cfg.NextProtos = []string{NBalpn}
 	return cfg, nil
 }