DoH code relies on HTTP headers processing order

DoH code makes assumptions regarding the HTTP (pseudo)header processing order. In particular, it assumes that :method: pseudo-header will be processed one of the first, which might not be true. In this case, the request will be treated as a bad one.

The problem was found when testing the DoH code with h2load, an HTTP/2 and HTTP 1.1 benchmarking tool being developed by libnghttp2 authors. The problem revealed itself only when testing POST requests (GET requests were fine).

h2load -t 8 -c 300 -m 100 -n 1000000 -d ~/projects/isc/request_data.bin -H "content-type:application/dns-message" https://doh.example.com/dns-query

In order to resolve the problem we need to move the checks which require certain headers to be processed first into server_on_request_recv(), which knows all the required context.