Usage of constant value for GREASE transport parameter make quinn vulnerable to fingerprinting by quic transport parameters.

[mstyura]

Currently quinn uses constant value as GREASE reserved random parameter.

quinn/quinn-proto/src/transport_parameters.rs

Lines 303 to 305 in 9386cde

	// Add a reserved parameter to keep people on their toes
	w.write_var(31 * 5 + 27);
	w.write_var(0);

This make quinn client side users vulnerable to fingerprinting by predictable patterns during handshake. Thanks to ability to inject custom TLS backend like quinn-boring most of TLS handshake is configurable, except the content of quic transport parameters extension.

As a prevention actions I see the following steps:

1. Generate random transport parameter, like it is done quic-go or quiche]: #2057: Use randomly generated GREASE transport parameter. #2058
2. Make it optional;
3. Implement permutation of transport parameters, like it is done in quiche.

[Ralith]

All three of those sound like nice improvements to me!