@iczero iczero commented Dec 18, 2023

In src/http/ngx_http.c function ngx_http_add_addresses, the following code is present:

#if (NGX_HTTP_SSL)
        ssl = lsopt->ssl || addr[i].opt.ssl;
        protocols |= lsopt->ssl << 1;
        protocols_prev |= addr[i].opt.ssl << 1;
#endif
#if (NGX_HTTP_V2)
        http2 = lsopt->http2 || addr[i].opt.http2;
        protocols |= lsopt->http2 << 2;
        protocols_prev |= addr[i].opt.http2 << 2;
#endif
#if (T_NGX_XQUIC)
        xquic = lsopt->xquic || addr[i].opt.xquic;
        protocols |= lsopt->xquic << 3;
        protocols_prev |= addr[i].opt.xquic << 3;
#endif
#if (T_NGX_HAVE_XUDP)
        xudp = lsopt->xudp || addr[i].opt.xudp || port->xudp;
        protocols |= lsopt->xudp << 4;
        protocols_prev |= addr[i].opt.xudp << 4;
#endif
#if (T_NGX_HTTPS_ALLOW_HTTP)
        https_allow_http = lsopt->https_allow_http || addr[i].opt.https_allow_http;
#endif

// ...

            addr[i].protocols = protocols;
            addr[i].protocols_set = 1;

This assumes the protocols field has width 5 but it is only width 3. This corrupts the next field and causes strange errors. This is fixed by increasing the width to 5 bits.
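The width mismatch described above can be reproduced in isolation. This is an added example, not code from the pull request or from the project: the struct and function names are hypothetical, and only the shift positions are taken from the excerpt. It shows what a 3-bit unsigned bit-field reads back after the mask is stored, next to a 5-bit field.

```c
#include <stdio.h>

/* Hypothetical stand-ins for the real struct; only the widths matter. */
struct addr_narrow { unsigned protocols:3; unsigned protocols_set:1; };
struct addr_wide   { unsigned protocols:5; unsigned protocols_set:1; };

/* Bit positions as in the excerpt: ssl<<1, http2<<2, xquic<<3, xudp<<4. */
static unsigned
proto_mask(unsigned ssl, unsigned http2, unsigned xquic, unsigned xudp)
{
    return (ssl << 1) | (http2 << 2) | (xquic << 3) | (xudp << 4);
}

/* Store a mask in the 3-bit field and return what is read back.
 * C reduces an out-of-range value modulo 2^width for unsigned bit-fields. */
unsigned store_narrow(unsigned mask)
{
    struct addr_narrow a = {0, 0};
    a.protocols = mask;
    a.protocols_set = 1;
    return a.protocols;
}

/* Same store with the 5-bit width the fix uses. */
unsigned store_wide(unsigned mask)
{
    struct addr_wide a = {0, 0};
    a.protocols = mask;
    a.protocols_set = 1;
    return a.protocols;
}

/* Largest value the narrow field can hold, found by storing all ones. */
unsigned narrow_max(void) { return store_narrow(~0u); }

/* Round-trip check: does the mask survive the 3-bit field unchanged? */
int mask_fits_narrow(unsigned mask) { return store_narrow(mask) == mask; }

int main(void)
{
    unsigned all = proto_mask(1, 1, 1, 1);
    printf("mask=0x%x narrow=0x%x wide=0x%x narrow_max=0x%x\n",
           all, store_narrow(all), store_wide(all), narrow_max());
    printf("xquic-only mask fits 3 bits: %d\n",
           mask_fits_narrow(proto_mask(0, 0, 1, 0)));
    return 0;
}
```

A round-trip check like `mask_fits_narrow` can run once in a unit test, so a protocol bit added later without widening the field fails the build instead of being dropped at run time.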

CLAassistant commented Dec 18, 2023

CLA assistant check
All committers have signed the CLA.

@iczero iczero changed the title from "Fix bitfield width in ngx_http_conf_addr_t" to "Fix bitfield width in ngx_http_conf_addr_t, keep CAP_NET_BIND_SERVICE" Dec 18, 2023

iczero commented Dec 18, 2023

XQUIC requires privileged bind() to low ports from worker processes. It will error after setuid() if not running as user root. This will keep the CAP_NET_BIND_SERVICE capability so it can bind without issues.
