enforce a minimum value of the remote idle timeout

This prevents a DoS where a peer could send us a really small remote
idle timeout, and we would continuously send it PING frames.

internal/protocol/server_parameters.go

@@ -113,6 +113,9 @@ const CryptoParameterMaxLength = 4000
 // EphermalKeyLifetime is the lifetime of the ephermal key during the handshake, see handshake.getEphermalKEX.
 const EphermalKeyLifetime = time.Minute
 
+// MinRemoteIdleTimeout is the minimum value that we accept for the remote idle timeout
+const MinRemoteIdleTimeout = 5 * time.Second
+
 // DefaultIdleTimeout is the default idle timeout
 const DefaultIdleTimeout = 30 * time.Second