Update STUN specification from rfc3489bis-06 to rfc3489bis-10

[bennylp]

Changes in the STUN specification from rfc3489bis-06 to rfc3489bis-10:

• STUN transaction timeout is no longer hardcoded to 1600ms, but rather 16*RTO
• Changes in MESSAGE-INTEGRITY calculation, with regard to the message length value. Previously in bis-06, the length was set to the actual/final length of the message. Now the length is the message length after M-I is added, but before any other attributes past M-I (such as FINGERPRINT) is added.
• Similarly for FINGERPRINT calculation
• HMAC padding for MESSAGE-INTEGRITY is no longer necessary
• Some STUN status codes related to client error were removed:
  • 430 Stale Credentials
  • 431 Integrity Check Failure
  • 432 Missing Username
  • 433 Use TLS
  • 434 Missing Realm
  • 435 Missing Nonce
  • 436 Unknown Username
  • 437 No Binding
• Subsequently since some status codes were removed, response codes for authentication were changed
• Now non-FINGERPRINT attributes are allowed to exist after M-I. Endpoint MUST ignore these attributes, for now.
• added more STUN test vectors in STUN test program

Note that these changes are NOT backward compatible with rfc3489bis-06, meaning new ICE software based on new PJNATH will not be able to negotiate with ICE from previous PJNATH.

[bennylp]

Committed in r1439

[bennylp]

In r1443, STUN status 437 (No Binding) was re-enabled since this is used by TURN.