feat(gateway): connect to relay control plane

The gateway binary now has a real relay-facing configuration and QUIC control
handshake. It accepts a relay socket address, expected TLS server name, pinned
DER relay certificate, room code, LAN interface name, and advertised datagram
budget, then connects as role = gateway and waits for a welcome response.

The ALPN token moved into lanparty-ctrl so relay and gateway share the same
protocol identifier instead of carrying duplicate private constants. The gateway
still stops after the control-plane connection; AF_PACKET capture and injection
remain a later slice.

The connector test spins up a local Quinn server with a self-signed certificate,
trusts that certificate explicitly, verifies the outgoing gateway hello, and
checks the received welcome metadata.

Test Plan:
- cargo fmt --check
- cargo test --workspace
- cargo clippy --workspace --all-targets -- -D warnings

Refs: PLAN.md Linux gateway outbound relay connection

crates/lanparty-relay/src/server.rs

@@ -4,8 +4,8 @@ use anyhow::{Context, Result, anyhow};
 use bytes::Bytes;
 use lanparty_ctrl::{
     CONTROL_LENGTH_PREFIX_LEN, ControlCodecError, ControlMessage, EndpointHello,
-    MAX_CONTROL_MESSAGE_LEN, PeerInfo, Reject, RejectReason, Role, RoomCode, ServerWelcome,
-    decode_control_frame, encode_control_message,
+    MAX_CONTROL_MESSAGE_LEN, PeerInfo, RELAY_ALPN, Reject, RejectReason, Role, RoomCode,
+    ServerWelcome, decode_control_frame, encode_control_message,
 };
 use lanparty_proto::{FrameType, decode_datagram, encode_datagram};
 use quinn::crypto::rustls::QuicServerConfig;
@@ -16,7 +16,6 @@ use tokio::sync::Mutex;
 
 use crate::{RelayConfig, RoomRegistry};
 
-const RELAY_ALPN: &[u8] = b"lanparty-l2/1";
 const DATAGRAM_BUFFER_BYTES: usize = 4 * 1024 * 1024;
 const MAX_CONTROL_FRAME_LEN: usize = CONTROL_LENGTH_PREFIX_LEN + MAX_CONTROL_MESSAGE_LEN;