Document non-PKI ways of using Disco

[mimoo]

Currently, handshake patterns with I and X (key is transmitted as part of the handshake) seem to enforce signatures and a PKI. For example NX:

Noise_NX is a handshake pattern similar to a typical browser ↔ HTTPS server scenario where the client does not authenticate itself and the server authenticates its public key via a signature from an authoritative signing key.

This is not at all the only way of using this handshake patterns. TOFU (trust on first use) or (a whitelist of) key pinning are also possibilities.

How to do it? Your StaticPublicKeyProof() function can return an empty string and your PublicKeyVerifier() can always return true or match public keys against a whitelist.

Furthermore, to obtain the public key received from the connection, one must either use the Disco functions directly (and they are currently not exported) or must use the ListenDisco/AcceptDisco() functions that return a libdisco.Conn instead of a net.Conn; giving access to extra functions like RemotePublicKey().

I am also trying to think of a way a net.Conn could be used to retrieve that public key. The problem is that its interface is limited to modifying its RemoteAddr() function (which is supposed to return the ip:port tuple of the peer). Perhaps, a flag in the configuration of Disco could tweak this to return a publickey:ip:port tuple instead?