Support SASL EXTERNAL and proxies for TLS connections

[jpneverwas]

Hi, thanks for making this library.

These changes are pretty minimal but may not be useful enough to warrant inclusion. I can probably do better if it turns out folks are at all interested.

Update

I've changed things up slightly so the proxy settings affect non-TLS connections as well.

Most likely you know this, but in case there are new people around, it's sometimes convenient to use SSH as a SOCKS5 proxy service for trying things out locally. You can see the effects of both normal and TLS connections by running a simple server, like Oragono, on 6667 and 6697.

$ docker run --rm \
  --publish 127.0.0.1:6667:6667 \
  --publish 127.0.0.1:6697:6697 \
  docker.io/oragono/oragono:v2.6.1

On Linux you'd then do something like the following:

1. If sshd isn't running, start it locally (you don't have to open any ports)
   and add your public key to .ssh/authorized_keys, perhaps temporarily
2. In a terminal, run sudo tcpdump -i lo -nnX "port 1080"
3. And in another terminal: ssh -TND 1080 localhost
4. Tweak the examples/tests to expect your Oragono instance
5. Export ALL_PROXY=socks5h://localhost:1080
6. Fire up a go-ircevent session

To also try the EXTERNAL stuff using a similar setup, first connect with a normal client using the same TLS client cert and nick and run /msg NickServ REGISTER *. Optionally, verify the fingerprint has indeed been added with /msg NickServ CERT LIST.

Note: this SASL business is basically orthogonal to the proxy stuff above, so I'd be happy to move it to a separate PR if that would help keep things sane. Thanks.

See also #136 and examples/simple-tor.go (related).