Support Kill Switch

[nibanks]

Describe the feature you'd like supported

Implement a "kill switch" for MsQuic via a new "Enabled" setting (e.g. in QUIC_SETTINGS) that can be set to false. This will be a last line of defense for any significant bug that might require us to immediately disable QUIC until the issue can be fixed.

Proposed solution

1. When set, this must prevent all new connections from being started (client & server).
2. When set, this must (async) kill all existing connections.
3. The setting must also be configurable via a registry key.
4. Existing registration, configuration and listener handles will generally be unaffected by this setting.
5. The default for this "Enabled" setting is true so that QUIC is on by default.

Additional context

There a couple of ways this might be implemented. The simplest (I think) is to do it at the registration layer.

1. Update QuicConnRegister to fail if the registration has QUIC disabled.
2. Update QuicRegistrationSettingsChanged to kill existing connections (similar to MsQuicRegistrationShutdown). Perhaps just even call MsQuicRegistrationShutdown. Note - it would probably be best to immediately kill the connection without actually sending out any packets, so use the QUIC_CONNECTION_SHUTDOWN_FLAG_SILENT flag (which also makes the error code unused).

Beyond this, what if an app set this setting only on a configuration? Does that even make sense? If we want to support this, just for preventing new connections from being created with this, we would have to update QuicConnSetConfiguration and/or QuicConnApplyNewSettings to prevent/kill connections. I'm not convinced this is a useful thing to support, and should just be documented as unsupported/disallowed.

Finally, ensure all tests and documentation are updated accordingly to cover the new setting.