fix(pr3): adapt to quic-go v0.59.0 API — drop H3App, capture h3 SETTINGS via http3.Settingser

quic-go v0.59.0 (shipped with Caddy v2.11.2) removed quic.Connection as
a public interface and quic-go/logging as a public package, breaking
H3App's connection-wrapping approach.

Resolution:
- Remove H3App (h3app.go) entirely; Caddy handles h3 natively when h3
  is in the protocols list.
- Rewrite h3conn.go to keep only tryParseH3ControlStream + varint/name
  utilities (tested, useful for future stream-level tapping if the API
  ever re-exposes it).
- FPHandler.ServeHTTP: for h3 requests, type-assert ResponseWriter to
  http3.Settingser (the public interface exposed by quic-go/http3 v0.59),
  read the peer's Settings after ReceivedSettings channel closes, emit
  h3_settings fp record.
- https/entrypoint.sh: include h3 in CADDY_PROTOCOLS (Caddy now owns
  UDP/443); remove DECNET_H3_GLOBAL block.
- Update go.mod/go.sum to caddy v2.11.2 + quic-go v0.59.0.
- Update test_https_compose_h3_app.py to expect h3 in protocols when
  http/3 is selected, and assert decnet_h3 block is absent.
- All Go tests (9) and Python tests (15) remain green.

tests/services/test_https_compose_h3_app.py

@@ -99,15 +99,11 @@ import json, os, sys
 versions = json.loads(os.environ.get("HTTP_VERSIONS", '["http/1.1"]'))
 tokens = []
 if "http/1.1" in versions: tokens.append("h1")
-if "http/2" in versions: tokens.append("h2")
+if "http/2" in versions:   tokens.append("h2")
+if "http/3" in versions:   tokens.append("h3")
 caddy_protocols = " ".join(tokens) if tokens else "h1"
 
-h3_global = ""
-if "http/3" in versions:
-    h3_global = "  decnet_h3"
-
 print("CADDY_PROTOCOLS=" + caddy_protocols)
-print("DECNET_H3_GLOBAL=" + h3_global)
 """
         r = subprocess.run(
             ["python3", "-c", extract],
@@ -121,30 +117,33 @@ print("DECNET_H3_GLOBAL=" + h3_global)
 
         caddyfile_content = template
         caddyfile_content = caddyfile_content.replace("${CADDY_PROTOCOLS}", vars_.get("CADDY_PROTOCOLS", "h1"))
-        caddyfile_content = caddyfile_content.replace("${DECNET_H3_GLOBAL}", vars_.get("DECNET_H3_GLOBAL", ""))
         caddyfile_content = caddyfile_content.replace("${CERT}", cert_path)
         caddyfile_content = caddyfile_content.replace("${KEY}", key_path)
         return caddyfile_content
 
 
 class TestHTTPSCaddyfileH3:
-    def test_h3_selected_adds_decnet_h3_block(self):
+    def test_h3_selected_adds_h3_to_protocols(self):
+        """With h3 selected, Caddy's protocols line must include h3."""
         caddyfile = run_entrypoint_to_caddyfile(["http/1.1", "http/2", "http/3"])
-        assert "decnet_h3" in caddyfile, f"expected decnet_h3 in:\n{caddyfile}"
-
-    def test_h3_selected_omits_h3_protocol(self):
-        caddyfile = run_entrypoint_to_caddyfile(["http/1.1", "http/2", "http/3"])
-        # Caddy protocols line must NOT contain h3 — H3App owns UDP/443.
         import re
         proto_match = re.search(r"protocols\s+(.*)", caddyfile)
         assert proto_match is not None, "no protocols line found"
-        proto_line = proto_match.group(1)
-        assert "h3" not in proto_line, f"h3 must not appear in protocols: {proto_line!r}"
+        assert "h3" in proto_match.group(1), f"h3 missing from protocols: {proto_match.group(1)!r}"
 
-    def test_h1_h2_only_no_decnet_h3(self):
-        caddyfile = run_entrypoint_to_caddyfile(["http/1.1", "http/2"])
+    def test_h3_no_separate_decnet_h3_block(self):
+        """decnet_h3 app is removed; the Caddyfile must never contain that token."""
+        caddyfile = run_entrypoint_to_caddyfile(["http/1.1", "http/2", "http/3"])
         assert "decnet_h3" not in caddyfile, f"unexpected decnet_h3 in:\n{caddyfile}"
 
+    def test_h1_h2_only_no_h3_in_protocols(self):
+        """Without h3 in HTTP_VERSIONS, h3 must not appear in the protocols line."""
+        caddyfile = run_entrypoint_to_caddyfile(["http/1.1", "http/2"])
+        import re
+        proto_match = re.search(r"protocols\s+(.*)", caddyfile)
+        if proto_match:
+            assert "h3" not in proto_match.group(1), f"unexpected h3 in protocols: {proto_match.group(1)!r}"
+
     def test_h1_only_protocols_line(self):
         caddyfile = run_entrypoint_to_caddyfile(["http/1.1"])
         import re