Fix for CVE-2017-15133 TCP DOS

[miekg]

serveTCP calls reader.ReadTCP in the accept loop rather than in
the per-connection goroutine. If an attacker opens a connection
and leaves it idle, this will block the accept loop until the
connection times out (2s by default). During this time no other
incoming connections will succeed, preventing legitimate queries
from being answered.

This commit moves the call to reader.ReadTCP into the per-connection
goroutine. It also adds a missing call to Close whose absence allowed
file-descirptors to leak in select cases.

This attack and fix have no impact on serving UDP queries.

[miekg]

Fixes #631

[codecov-io]

Codecov Report

Merging #631 into master will decrease coverage by <.01%.
The diff coverage is 50%.

@@            Coverage Diff             @@
##           master     #631      +/-   ##
==========================================
- Coverage   57.89%   57.89%   -0.01%     
==========================================
  Files          37       37              
  Lines        9987     9989       +2     
==========================================
+ Hits         5782     5783       +1     
- Misses       3156     3157       +1     
  Partials     1049     1049

Impacted Files	Coverage Δ
server.go	58.14% <50%> (-0.05%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 862243b...ee6a9d6. Read the comment docs.