mdns: restrict A/AAAA records to addresses reachable from querying interface

[yifu]

(Sorry fo my broken English)

This PR fixes #43 .

The Problem

As a reminder, when I Register() a service on a machine A (with multiple network interfaces, let say an ethernet NIC, a wireless connection on the same network as the ethernet NIC, and VPN connection and a docker bridge), and then if I browse for a service from another machine B with an ethernet NIC (the same network as the ethernet NIC and the wireless connection for the machine A), then I receive an answer specifying IP addresses for the ethernet NIC, the wireless adapter, the vpn connection and the docker bridge. The last two ip addresses are not routable/accessible from machine B. As a consequence they are not valid.

Background

This PR is based on this extract from the RFC 6762:

Except in the case of proxying and other similar specialized uses, addresses in IPv4 or IPv6 address records in Multicast DNS responses MUST be valid for use on the interface on which the response is being sent.

Found in section "14. Considerations for Multiple Interfaces".

Solution

The PR's commits propose to check that IP Addresses added to an answer are actually contained in the originating network (the network from where the request is coming from).

[yifu]

As a side note: unit tests do not work on master branch, on my machine:

zeroconf % go test -v
=== RUN TestBasic
2025/11/23 18:54:44 Published service: test--xxxxxxxxxxxx, type: _test--xxxx._tcp, domain: local.
2025/11/23 18:54:49 Shutting down.
--- PASS: TestBasic (5.00s)
=== RUN TestNoRegister
service_test.go:82: Expected empty service entries but got {{test--xxxxxxxxxxxx _test--xxxx._tcp [] local. _test--xxxx._tcp.local. test--xxxxxxxxxxxx._test--xxxx._tcp.local. _services._dns-sd._udp.local.} MacBook-Air-de-Yves.local.local. 8888 [txtv=0 lo=1 la=2] 3200 [192.168.1.38 192.168.1.104] [fe80::1 2a01:e0a:e54:1210:7e:9dcb:aab3:da4b 2a01:e0a:e54:1210:4db:bae:6016:9b13 fe80::2925:77c4:cd8a:b36a fe80::edcb:6efd:9bb0:9134 fe80::c083:c5ff:fec0:38e1 fe80::c083:c5ff:fec0:38e1 fe80::f693:9e44:5a2:db15 fe80::ce81:b1c:bd2c:69e fe80::b1cb:7c29:895f:aa84 fe80::da0e:b642:8d4:40da 2a01:e0a:e54:1210:67:ce3d:104a:3ade 2a01:e0a:e54:1210:ccb1:665b:98c7:1665]}
--- FAIL: TestNoRegister (5.00s)
=== RUN TestSubtype
=== RUN TestSubtype/browse_with_subtype
2025/11/23 18:54:54 Published service: test--xxxxxxxxxxxx, type: _test--xxxx._tcp,_fancy, domain: local.
2025/11/23 18:54:59 Shutting down.
=== RUN TestSubtype/browse_without_subtype
2025/11/23 18:54:59 Published service: test--xxxxxxxxxxxx, type: _test--xxxx._tcp,_fancy, domain: local.
2025/11/23 18:55:04 Shutting down.
--- PASS: TestSubtype (10.00s)
--- PASS: TestSubtype/browse_with_subtype (5.00s)
--- PASS: TestSubtype/browse_without_subtype (5.00s)
FAIL
exit status 1
FAIL github.com/grandcat/zeroconf 20.500s