http-extensions
Consider closing the connection on Upgrade failure
@martinthomson writes
The server treating Upgrade as implying Connection: close might be a good start, counter to what Section 4 currently says. We should not be recommending mitigations that only one affected party can deploy.
In other words, we would instruct servers to close the connection after responding, without reading any more requests, when they reject an Upgrade.
This behavior would be compatible and compliant, and would foreclose the security issue in question. However, it would have a notable performance cost when returning a response that will trigger a retry (e.g. 307, 401, 407).
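The server behavior proposed above, sketched as an added example that is not part of the original issue or of any real server's code. `parse_head`, `serve_connection` and the `example-proto` token are hypothetical, requests are assumed to carry no body, and the sample bytes are constructed.

```python
# Added illustration: connection loop of a hypothetical HTTP/1.1 server.
SUPPORTED_UPGRADES = frozenset()  # assumption: this server accepts no upgrade tokens

# Constructed sample: an Upgrade request followed by more bytes on the same connection.
SAMPLE = (b"GET /chat HTTP/1.1\r\nHost: example.test\r\n"
          b"Connection: Upgrade\r\nUpgrade: example-proto\r\n\r\n"
          b"GET /second HTTP/1.1\r\nHost: example.test\r\n\r\n")

def parse_head(buf):
    """Split one body-less request off buf: (method, target, headers, rest) or None."""
    head, sep, rest = buf.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers, rest

def serve_connection(buf, close_on_upgrade_reject):
    """Return (responses, requests handled, bytes left unread when the loop stops)."""
    responses, handled = [], []
    while buf:
        parsed = parse_head(buf)
        if parsed is None:
            break
        method, target, headers, buf = parsed
        handled.append((method, target))
        conn = [t.strip().lower() for t in headers.get("connection", "").split(",")]
        wants_upgrade = "upgrade" in headers and "upgrade" in conn
        rejected = wants_upgrade and headers["upgrade"].lower() not in SUPPORTED_UPGRADES
        if rejected and close_on_upgrade_reject:
            # Proposed behavior: answer, signal close, and read no further requests.
            responses.append(b"HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Length: 0\r\n\r\n")
            return responses, handled, buf  # caller closes the socket; buf is never parsed
        # Upgrade ignored (or absent): the connection stays open for the next request.
        responses.append(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
    return responses, handled, buf

if __name__ == "__main__":
    for policy in (False, True):
        _, handled, unread = serve_connection(SAMPLE, policy)
        print(policy, handled, len(unread), "bytes left unparsed")
```

With the policy enabled, a client that receives a retry-triggering response has to open a new connection before retrying, which is the performance cost noted above.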