If a token does not specify a username, the server will request
one by failing the join message.  Disconnect from the WebSocket
in that case, and display the login dialog with the password
field invisible.

We now report ErrUsernameRequired and ErrDuplicateUsername
errors by setting the "error" field of messages.

Stateful tokens look just like cryptographic tokens to the client.
Unlike cryptographic tokens, they are stored in a file and are
revokable and editable.

The "time" field of messages is now a string in RFC 3339 format,
and there is a new "error" field in messages.

Tokens are now an interface, and all the token logic is encapsulated
in the token module.

We used to set sc.group even if joining failed, which would cause
us to spuriously call the onJoined callback when we disconnected.

Avoid copying data when sending, improve error handling.

Split out deleting of buttons during file transfer into its own
function.

We now distinguish between tokens that specify an empty username
(sub="") and tokens that don't specify sub.  The latter are
considered invalid for now.

Simulcast doesn't seem to work well with screen sharing: only one
layer is sent, which has very low throughput since we send the low
layer first.  Disable simulcast for screen sharing.

Only the first byte of the VP8 header is mandatory, but we
used to reject packets smaller than 4 bytes.  The major part
of the fix is actually in pion/rtp.

addMapping assumes the piddelta is constant, so it doesn't need
the pid.

When using an identity packetmap, we used to update the next seqno
even when packets were not increasing.  Not a big deal, we'd still
recover at the next sequential packet.

Don't disconnect the client for some more errors.

This does not yet support the new 'need-username' error.

The code turned out not to port to FreeBSD.  Disable the check,
and assume that FreeBSD admins read the docs.

Thanks to Amatis-51.

Pion is unfortunately breaking Go 1.16.

It was introduced in Go 1.19.

The strategy of computing the base URL from the request doesn't
necessarily work if we're behind a reverse proxy.  proxyURL
can be set in cases where our guess is incorrect.

Thanks to Dianne Skoll.

We were computing the scheme incorrectly, which caused us
to compute the wrong websocket URL when -insecure is set.
Thanks to Fabien de Montgolfier.