Remove the DNS over HTTPS (DoH) proxy feature built on CoreDNS due to
security vulnerabilities (GO-2025-3942, GO-2026-4289).
This removes:
- Standalone proxy-dns command (cloudflared proxy-dns)
- Tunnel subcommand (cloudflared tunnel proxy-dns)
- Proxy-dns flags for tunnel run (--proxy-dns, --proxy-dns-port, etc.)
- Config file resolver section support
- tunneldns/ package (CoreDNS-based implementation)
- Related component tests
BREAKING CHANGE: The proxy-dns feature is no longer available.
Users should migrate to alternative DNS over HTTPS solutions.
* TUN-9863: Introduce Code Signing for Windows Builds
This commit adds a signing step to the build script for windows binaries.
Since we package the MSI on Linux, this commit adds another CI step that depends on package-windows and signs all of the windows packages.
To do so, we use azuresigntool which relies on a certificate stored in Azure Vault.
Closes TUN-9863
## Summary
This commit migrates the cloduflared ci pipelines, that built, tested and component tested the linux binaries to gitlab ci.
The only thing that is remaining to move from teamcity to gitlab are now the release pipelines that run on master.
Relates to TUN-9800
João "Pisco" Fernandes
Luis Neto
Andi Anderson
Gonçalo Garcia