Qh3

=====================

**Removed**
- **Breaking:** Dependency on ``cryptography`` along with the indirect dependencies on cffi and pycparser.
- **Breaking:** ``H0Connection`` class that was previously deprecated. Use either urllib3-future or niquests instead.
- **Breaking:** Draft support for QUIC and H3 protocols.
- **Breaking:** ``RSA_PKCS1_SHA1`` signature algorithm due to its inherent risk dealing with the unsafe SHA1.
- **Breaking:** ED448/X448 signature and private key are no longer supported due to its absence in aws-lc-rs.
- **Breaking:** You may no longer pass certificates (along with private keys) as object that comes from ``cryptography``. You have to encode them into PEM format.

**Changed**
- ls-qpack binding integration upgraded to v2.5.4 and migrated to Rust.
- cryptographic bindings are rewritten in Rust using the PyO3 SDK, the underlying crypto library is aws-lc-rs 1.6.4
- certificate chain control with dns name matching is delegated to rustls instead of previously half-vendored (py)OpenSSL (X509Store).

**Added**
- Exposed a public API for ``qh3`` (top-level import).
- SECP384R1 key exchange algorithm as a supported group by default to make for the X448 removal.
- SECP521R1 key exchange algorithm is also supported but not enabled by default per standards (NSA Suite B) recommendations.

**Misc**
- Noticeable performance improvement and memory safety thanks to the Rust migration. We tried to leverage pure Rust binding whenever we could do it safely.
- Example scripts are adapted for this major version.
- Using ``maturin`` as the build backend.
- Published new compatible architectures for pre-built wheels.
- Initial MSRV 1.75+

If you rely on one aspect of enumerated breaking changes, please pin qh3 to
exclude this major (eg. ``>=0.15,<1``) and inform us on how this release affected your program(s).
We will listen.

The semantic versioning will be respected excepted for the hazardous materials.

===================

**Fixed**
- Improved stream write scheduling. (upstream patch https://github.com/aiortc/aioquic/pull/475)

**Misc**
- CI now prepare a complete sdist with required vendors
- aarch64 linux is now served

===================

**Changed**
- Highly simplified ``_crypto`` module based on upstream work https://github.com/aiortc/aioquic/pull/457
- Bump upper bound ``cryptography`` version to 42.x

**Fixed**
- Mitigate deprecation originating from ``cryptography`` about datetime naïve timezone.

===================

**Changed**
- Converted our ``Buffer`` implementation to native Python instead of C as performance are plain better thanks to CPython internal optimisations

**Fixed**
- Addressed performance concerns when attributing new stream ids
- The retry token was based on a weak key

**Added**
- ``StopSendingReceived`` event
- Property ``open_outbound_streams`` in ``QuicConnection``
- Property ``max_concurrent_bidi_streams`` in ``QuicConnection``
- Property ``max_concurrent_uni_streams`` in ``QuicConnection``
- Method ``get_cipher`` in ``QuicConnection``
- Method ``get_peercert`` in ``QuicConnection``
- Method ``get_issuercerts`` in ``QuicConnection``

===================

**Added**
- Support for in-memory certificates (client/intermediary) via ``Configuration.load_cert_chain(..)``

**Removed**
- (internal) Unused code in private ``_vendor.OpenSSL``

===================

**Changed**
- All **INFO** logs entries are downgraded to **DEBUG**

**Removed**
- Certifi will no longer be used if present in the environment. Use jawah/wassima as a super replacement.

**Deprecated**
- ``H0Connection`` will be removed in the 1.0 milestone. Use HTTP Client Niquests instead.