feat(proxy): add Proxy::resolve_local to tunnel CONNECT to a locally-resolved IP

[eav93]

Summary

Adds an opt-in Proxy::resolve_local(bool) for HTTP(S) proxies.

By default, an HTTPS request through an HTTP proxy opens the tunnel with the
destination hostname (CONNECT example.com:443), leaving DNS resolution to
the proxy. When resolve_local(true) is set, the destination host is resolved
by the client's own resolver (honoring ClientBuilder::resolve /
resolve_to_addrs overrides) and the CONNECT request is sent to the resolved
IP instead (CONNECT 93.184.216.34:443). The IP is used for both the
CONNECT request-target and that request's Host header; the original port is
preserved.

The TLS SNI and the tunneled HTTP request keep using the original hostname, so
certificate validation and virtual hosting are unaffected.

Motivation

This mirrors the existing socks5:// (local DNS) vs socks5h:// (remote DNS)
distinction, but for HTTP(S) proxies, which currently have no equivalent. It is
useful when the proxy's own DNS is unreliable or when the hostname in the
CONNECT line is filtered upstream — resolving locally and tunneling to the IP
sidesteps both, while the connection pool still keys on the original hostname.

Behavior / scope

• Opt-in; default behavior is unchanged (CONNECT still uses the hostname).
• Applies only to HTTPS tunneled through an HTTP(S) proxy. No effect on SOCKS or
  Unix-socket proxies, or on plain HTTP requests.
• IP-literal destinations (incl. IPv6, e.g. [::1]) are passed through unchanged.
• The destination port always comes from the URI, never from the resolved
  SocketAddr (a custom resolver may return a synthetic/zero port).

Tests

tests/proxy.rs covers: hostname → resolved IP in CONNECT; opt-out leaves the
hostname even with a resolve override present; explicit non-default port is
preserved; IPv6 literal passthrough. cargo fmt, cargo check (with and
without socks), clippy and the proxy suite all pass.

Implementation note

The resolver field on the connector was previously gated behind the socks
feature; it is now always present, since the HTTP tunnel path also needs it.

[gemini-code-assist]

Code Review

This pull request introduces a resolve_local option for proxies, allowing the client to resolve the destination host locally and send the HTTP CONNECT request to the resolved IP address instead of the hostname. This is implemented by making the DNS resolver always available in ConnectorBuilder and ConnectorService, and adding a resolve_connect_dst helper. Feedback on the changes suggests a more idiomatic way to format the resolved IP and port using SocketAddr's built-in formatting rather than manually matching on the IP address type.

[gemini-code-assist]

Instead of manually matching on the IP address type and formatting it, you can leverage the standard library's SocketAddr formatting by updating the port on the resolved address directly. This is more concise and idiomatic.

        let mut addr = addr;
        addr.set_port(port);
        let authority = addr.to_string();

[0x676e67]

I would like to know if this functionality has been implemented in other HTTP client libraries.