apiclient: update tungstenite to v0.20.1

[arnaldo2792]

Description of changes:

Newer versions of tungstenite implemented the v13 version of the Web Sockets protocol (described in rfc6455). In this version, new headers are required in the upgrade request. With this update, now the upgrade request sent by apiclient include the missing headers.

In the same version, the 'frame' message was added. Neither apiserver nor apiclient send this type of message, so they are ignored by apiclient.

I found the required headers here. For the values I followed the RFC:

The request MUST contain a |Host| header field whose value contains /host/ plus optionally ":" followed by /port/ (when not using the default port).

The request MUST contain an |Upgrade| header field whose value MUST include the "websocket" keyword

The request MUST contain a |Connection| header field whose value MUST include the "Upgrade" token.

The request MUST include a header field with the name |Sec-WebSocket-Key|. The value of this header field MUST be a nonce consisting of a randomly selected 16-byte value that has been base64-encoded (see Section 4 of [RFC4648]). The nonce MUST be selected randomly for each connection.

The request MUST include a header field with the name |Sec-WebSocket-Version|. The value of this header field MUST be 13.

Testing done:
I built the aws-ecs-1 and aws-ecs-2 variants, and confirmed I could exec commands through the admin container:

[ssm-user@control]$ apiclient get os
{
  "os": {
    "arch": "x86_64",
    "build_id": "14d6c7d1",
    "pretty_name": "Bottlerocket OS 1.16.0 (aws-ecs-2)",
    "variant_id": "aws-ecs-2",
    "version_id": "1.16.0"
  }
}
[ssm-user@control]$ apiclient exec admin sheltie cat /etc/os-release
NAME=Bottlerocket
ID=bottlerocket
VERSION="1.16.0 (aws-ecs-2)"
PRETTY_NAME="Bottlerocket OS 1.16.0 (aws-ecs-2)"
VARIANT_ID=aws-ecs-2
VERSION_ID=1.16.0
BUILD_ID=14d6c7d1
HOME_URL="/~https://github.com/bottlerocket-os/bottlerocket"
SUPPORT_URL="/~https://github.com/bottlerocket-os/bottlerocket/discussions"
BUG_REPORT_URL="/~https://github.com/bottlerocket-os/bottlerocket/issues"
DOCUMENTATION_URL="https://bottlerocket.dev"

I also confirmed that I can enter the admin container:

[ssm-user@control]$ enter-admin-container
Confirming admin container is enabled...
Waiting for admin container to start...
Entering admin container
          Welcome to Bottlerocket's admin container!
    ╱╲
   ╱┄┄╲   This container provides access to the Bottlerocket host
   │▗▖│   filesystems (see /.bottlerocket/rootfs) and contains common
  ╱│  │╲  tools for inspection and troubleshooting.  It is based on
  │╰╮╭╯│  Amazon Linux 2, and most things are in the same places you
    ╹╹    would find them on an AL2 host.

To permit more intrusive troubleshooting, including actions that mutate the
running state of the Bottlerocket host, we provide a tool called "sheltie"
(`sudo sheltie`).  When run, this tool drops you into a root shell in the
Bottlerocket host's root filesystem.
[root@admin]#

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

[jpculp]

After the next tough release, we can switch everything to 0.21.

[webern]

I think in the past we had a case where apiclient processes became zombies and maybe tungstenite was to blame? Anyone remember? Should we check for zombies?

[bcressey]

Zombies showed up in #1384 and #1507 but I think that was before apiclient exec.

[arnaldo2792]

(Forced push fixes the comments in the last revision)