Handle proxy-protocol correctly with respect to TLS backends

Proxy-protocol may be included in plaintext streams from the ngrok edge, but it needs to come _before_ TLS in the stream when forwarding to backends. This means we need to read the proxy header and send it before we initiate TLS to an https or tls backend when forwarding.

Currently implemented in Rust, just needs to be ported here.