Prevent oracle attacks in the legacy protocol (CVE-2018-16737, CVE-2018-16738)

The legacy authentication protocol allows an oracle attack that could
potentially be exploited. This commit contains several mitigations:

- Connections are no longer closed immediately on error, but put in
  a "tarpit".
- The authentication protocol now requires a valid CHAL_REPLY from the
  initiator of a connection before sending a CHAL_REPLY of its own.
- Reduce the amount of connections per second accepted.
- Null ciphers or digests are no longer allowed in METAKEYs.
- Connections that claim to have the same name as the local node are
  rejected.

Just to be on the safe side:

- The new protocol now requires a valid SIG from the initiator of a
  connection before sending a SIG of its own.