Consider proxy behavior and change either implementation or docs

[calmh]

Continuing the discussion from #6363, we changed the proxy behavior in 1.3.3. Prior to 1.3.3, when a proxy is set but not ALL_PROXY_NO_FALLBACK:

1. Try to connect via proxy
2. If that failed, try to connect directly

Post 1.3.3, we:

1. Start a connection attempt via proxy
2. Start a connection attempt directly
3. Wait for the proxy connection to succeed or fail
4. Return the proxy connection if it succeeded, otherwise the direct connection

I'm not convinced this is a good idea, as we now always do direct connections even when a proxy is configured, unless ALL_PROXY_NO_FALLBACK is also set.

If it is desired, we need to update the docs which describe the previous behavior.

[imsodin]

I think both the previous and new behaviour aren't ideal: If proxies are expected to be a "hiding"-feature then no fallback should be default (might still expose real connection even if dialing sequentially) and if it's a connectivity feature then new behaviour is good. I don't really know which is the case, though when looking into vpns for public networks there where warnings about proxies not being enough for identity protection abound (though the quality of information generally wasn't trust-inspiring).

So tldr: either nofallback default and env bar for fallback or the other way around depending on "expected use-case" and in both cases simul-dialing if fallbacking seems best to me.

[ivucica]

https://docs.syncthing.net/users/proxying.html has been updated, but it is not fully accurate. I was going to open a bug about this, but I'll send an email to security@ instead.