Fix PROXY protocol handling of dedicated kube listener with TLS routing

[AntonAM]

In multiplexed mode alpn proxy passes connection to the Kube listener directly. If PROXY protocol mode is "on" Kube listener in that case would not get PROXY line that was already handled by the alpn listener and fail. In #32893 we made Kube listener to always have PROXY protocol mode "off" in multiplexed proxy listening mode, but that lead to a problem that now users couldn't use dedicated Kube listener directly, since PROXY line was rejected.

This PR changes how we handle it - now we don't switch off PROXY protocol mode for the Kube listener in multiplexed mode, instead in the multiplexer listener we check if accepted connection is itself multiplexer connection (or wrapped at some level) - that means it's coming from alpn proxy and PROXY protocol line requirement was already handled, so we don't check it second time.

Changelog: Fix accessing dedicated Proxy Kube port when TLS routing is enabled.

Closes #34178

[github-actions]

The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with changelog: followed by the changelog entries for the PR.

[github-actions]

The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with changelog: followed by the changelog entries for the PR.

[AntonAM]

Friendly ping to reviewers ( @avatus @gzdunek @tigrato @dboslee )

[tigrato]

@AntonAM can you please include tests that cover this scenario?
thanks in advance

[AntonAM]

@tigrato I've adjusted existing tests, so it checks both addresses when in multiplexed mode (it would catch the original problem)

[public-teleport-github-review-bot]

@AntonAM See the table below for backport results.

Branch	Result
branch/v14	Failed