Bound line reads with readLineLimited to prevent a peer from exhausting
memory by withholding line terminators, wrap previously bare error
returns for consistent context, surface XML decoder Skip errors, and
replace the goto in the XMPP feature scan with a labeled break. New
starttls_test.go exercises SMTP/IMAP/POP3/XMPP/LDAP success and
not-advertised paths through net.Pipe-mocked servers.
The SDK split the HTTP server scaffolding into the new
checker-sdk-go/checker/server subpackage. Update main.go to import
server and call server.New, and isolate the interactive form code
behind the standalone build tag so plugin/builtin builds skip
net/http entirely.
Add Chain []CertInfo to TLSProbe, carrying per-cert DER and precomputed
TLSA hashes (Cert/SPKI, SHA-256/SHA-512) plus the raw SPKI DER. This
lets downstream checkers (checker-dane) perform TLSA matching against
the observed chain without re-running a TLS handshake.
