tailcfg, ipn/ipnlocal, wgengine/magicsock: add only-tcp-443 node attr

Updates tailscale/corp#17879

Change-Id: I0dc305d147b76c409cf729b599a94fa723aef0e0
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

wgengine/magicsock/derp.go

@@ -729,6 +729,13 @@ func (c *Conn) processDERPReadResult(dm derpReadResult, b []byte) (n int, ep *en
 	return n, ep
 }
 
+// SetOnlyTCP443 set whether the magicsock connection is restricted
+// to only using TCP port 443 outbound. If true, no UDP is allowed,
+// no STUN checks are performend, etc.
+func (c *Conn) SetOnlyTCP443(v bool) {
+	c.onlyTCP443.Store(v)
+}
+
 // SetDERPMap controls which (if any) DERP servers are used.
 // A nil value means to disable DERP; it's disabled by default.
 func (c *Conn) SetDERPMap(dm *tailcfg.DERPMap) {