
feat(core): expose TLS ConnectionState (SNI) for DoQ #8129

Merged: yongtang merged 1 commit into coredns:master from bloomharbor:feat/doq-sni-connection-state on May 28, 2026

Conversation

@nicholasamorim (Contributor)

1. Why is this pull request needed and what does it do?

I'm not sure if this feature is welcome, but I've been patching my own CoreDNS source code with this and thought it might be useful, as it simply exposes information that we also have access to on a TLS stream, but over the QUIC stream. This is useful for me to get the ServerName, for example, so that I can make routing decisions based on that. This is currently available via DoH and DoT, but it's lacking on DoQ.

Effectively, this becomes possible:

if cs, ok := w.(dns.ConnectionStater); ok {
    if state := cs.ConnectionState(); state != nil {
        sni := state.ServerName // "my.dns.com"
    }
}

DoQWriter previously stored only the QUIC stream, so plugins reading TLS state via dns.ConnectionStater (e.g. for SNI-based routing or auditing) could not see anything for DoQ connections, even though the underlying QUIC connection carries a full tls.ConnectionState.

This change adds a *quic.Conn reference to DoQWriter and wires it in serveQUICStream.

It implements dns.ConnectionStater on *DoQWriter, returning the TLS state from the underlying QUIC connection (mirrors the DoT behavior that miekg/dns already provides for *tls.Conn).

Forwards ConnectionState through request.ScrubWriter, which wraps every response writer before the plugin chain runs; the embedded dns.ResponseWriter interface does not promote ConnectionState (it belongs to a separate interface), so without this plugins would still see nil for both DoQ and DoT.

2. Which issues (if any) are related?

Couldn't find any open issues related to this.

3. Which documentation changes (if any) need to be made?

I couldn't find anything related to this.

4. Does this introduce a backward incompatible change or deprecation?

No.

DoQWriter previously stored only the QUIC stream, so plugins reading
TLS state via dns.ConnectionStater (e.g. for SNI-based routing or
auditing) could not see anything for DoQ connections, even
though the underlying QUIC connection carries a full tls.ConnectionState.

This change adds a *quic.Conn reference to DoQWriter and wires it in serveQUICStream.

It implements dns.ConnectionStater on *DoQWriter, returning the TLS
state from the underlying QUIC connection (mirrors the DoT behavior
that miekg/dns already provides for *tls.Conn)

Forwards ConnectionState through request.ScrubWriter, which wraps
every response writer before the plugin chain runs; the embedded
dns.ResponseWriter interface does not promote ConnectionState (it
belongs to a separate interface), so without this plugins would
still see nil for both DoQ and DoT.

Signed-off-by: Nicholas Amorim <nicholas@santos.ee>
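The interface-promotion point made in the description and the commit message above, as an added, self-contained example (not CoreDNS or miekg/dns code): the ResponseWriter and ConnectionStater interfaces, DoQWriter and ScrubWriter are modelled locally with stand-in types, and the "my.dns.com" value is a constructed sample. It shows that a wrapper which only embeds the writer hides the TLS state from a plugin's type assertion, while an explicit forwarding method restores it, and that the plugin-side check still has to handle a nil state.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// Local stand-ins for the miekg/dns interfaces named in the PR (constructed here, not library code).
type ResponseWriter interface{ WriteMsg(payload []byte) error }

// ConnectionStater is a separate interface from ResponseWriter, as in miekg/dns, so a wrapper
// that merely embeds ResponseWriter does not get ConnectionState promoted onto it.
type ConnectionStater interface{ ConnectionState() *tls.ConnectionState }

// doqWriter models DoQWriter after the change: it can reach the QUIC connection's TLS state.
type doqWriter struct{ state tls.ConnectionState }

func newDoQWriter(sni string) *doqWriter {
	return &doqWriter{state: tls.ConnectionState{ServerName: sni}}
}
func (w *doqWriter) WriteMsg([]byte) error                 { return nil }
func (w *doqWriter) ConnectionState() *tls.ConnectionState { return &w.state }

// naiveWrapper is the pre-change ScrubWriter shape: embedding alone, no forward.
type naiveWrapper struct{ ResponseWriter }
// forwardingWrapper adds the explicit forward the PR adds to request.ScrubWriter.
type forwardingWrapper struct{ ResponseWriter }

func (s forwardingWrapper) ConnectionState() *tls.ConnectionState {
	if cs, ok := s.ResponseWriter.(ConnectionStater); ok {
		return cs.ConnectionState()
	}
	return nil
}

// sniOf is the plugin-side check from the PR: assert the writer, then read ServerName.
// It returns "" when no TLS state is exposed, the case an SNI-based router must handle.
func sniOf(w ResponseWriter) string {
	if cs, ok := w.(ConnectionStater); ok {
		if st := cs.ConnectionState(); st != nil {
			return st.ServerName
		}
	}
	return ""
}

func main() {
	inner := newDoQWriter("my.dns.com") // constructed sample, the value used in the PR text
	fmt.Printf("naive=%q forwarding=%q\n", sniOf(naiveWrapper{inner}), sniOf(forwardingWrapper{inner}))
}
```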
@yongtang yongtang merged commit 6b93363 into coredns:master May 28, 2026
13 checks passed
@nicholasamorim nicholasamorim deleted the feat/doq-sni-connection-state branch May 28, 2026 23:15