udpobfs -- simple point-to-point UDP obfuscation proxy

This is a trivial UDP proxy that obfuscates UDP traffic between two UDP
ports. It does no handshaking, no key agreement and no peer
authentication, and has only weak replay protection. Key setup and
renewal must be done through, for example, OpenSSH, TLS or similar
channels.

udpobfs's purpose is to obfuscate UDP traffic between two WireGuard
peers with minimal CPU and traffic overhead.

Assume that WG was running peered with [2001:db8::dc]:1194. You can run
two udpobfs instances to obfuscate traffic between them:

    # udpobfs -keygen > key.txt
    wg0# wg set endpoint [::1]:4911
    wg0# udpobfs -bind [::1]:4911 -dst [2001:db8::ac]:1194 < key.txt
    wg1# wg set listen-port 21194
    wg1# udpobfs -bind [2001:db8::ac]:1194 -dst [::1]:21194 -responder < key.txt

One of the instances is the responder -- it waits for the initiator to
start talking. If the bound UDP connection is lost, the daemon exits, so
it is advisable to run it under a process supervisor.

udpobfs continuously reads Base32-encoded 256-bit keys from stdin -- you
can renew them without restarting the daemons. Of course there is a time
window during which the two peers know different keys and will lose
traffic. Not a big deal.

An obfuscated packet is 8 bytes longer, so you have to slightly lower
the MTU in your VPN tunnel.
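
Because a malformed or truncated key on one side breaks the tunnel until it is corrected, it helps to check a key file before copying it to both peers. The following is an added example, not part of udpobfs: the function names and SAMPLE_KEY are made up here, and it assumes the upper-case RFC 4648 Base32 alphabet with padding optional, since the exact syntax udpobfs accepts is not described above.

```python
import base64
import sys

KEY_BYTES = 32  # 256-bit key, as stated in the text above

# Constructed sample key (bytes 0..31), for illustration only.
SAMPLE_KEY = base64.b32encode(bytes(range(KEY_BYTES))).decode("ascii").rstrip("=")


def parse_key(line: str) -> bytes:
    """Decode one key line; raise ValueError unless it is a 256-bit Base32 key."""
    text = line.strip().rstrip("=")
    if not text:
        raise ValueError("empty key line")
    # b32decode needs a length that is a multiple of 8, so restore the padding.
    padded = text + "=" * (-len(text) % 8)
    try:
        raw = base64.b32decode(padded)  # strict: lower case is rejected
    except ValueError as exc:  # binascii.Error is a subclass of ValueError
        raise ValueError(f"not valid Base32: {exc}") from None
    if len(raw) != KEY_BYTES:
        raise ValueError(f"key is {len(raw) * 8} bits, expected {KEY_BYTES * 8}")
    return raw


def check_key_lines(lines):
    """Return [(line_number, reason)] for each non-blank line that is not usable."""
    problems = []
    for number, line in enumerate(lines, start=1):
        if not line.strip():
            continue  # blank lines are skipped, not reported
        try:
            parse_key(line)
        except ValueError as exc:
            problems.append((number, str(exc)))
    return problems


if __name__ == "__main__":
    # Reads the key file on stdin; a non-zero exit means it should not be deployed.
    found = check_key_lines(sys.stdin)
    for number, reason in found:
        print(f"line {number}: {reason}", file=sys.stderr)
    sys.exit(1 if found else 0)
```

Run it with key.txt on stdin on the host where the key was generated, and distribute the file only if it exits with status 0.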