Avoid file descriptor exhaustion when fetching certificates.

- Previously, there was a chance of running out of file descriptors
    while or after fetching a large number of certificates using sq
    network fetch.

  - The root cause of that was the use of getaddrinfo(3) to resolve
    names, which is a blocking interface, which has to be executed on
    a special thread for blocking tasks on the tokio runtime.  The
    maximum number of these threads is capped at 512 by default, and
    these threads can tie up a significant number of file descriptors
    in sockets.  The threads do close their sockets and go away after
    a while, presumably after a timeout.  Further, blocking tasks can
    not be canceled.

  - Do release all thread pool resources after doing the fetch.

  - Also, switch to the hickory crate for doing name lookups.  This
    implements a non-blocking interface, and releases resources in a
    timely fashion.

  - Fixes #335.

Cargo.lock

@@ -3019,6 +3019,7 @@ dependencies = [
  "futures-core",
  "futures-util",
  "h2",
+ "hickory-resolver",
  "http",
  "http-body",
  "hyper",
@@ -3572,6 +3573,7 @@ dependencies = [
  "once_cell",
  "predicates",
  "regex",
+ "reqwest",
  "roff",
  "rpassword",
  "sequoia-autocrypt",

Cargo.toml

@@ -43,6 +43,7 @@ clap = { version = "4", features = ["derive", "env", "string", "wrap_help"] }
 humantime = "2"
 indicatif = "0.17"
 once_cell = "1.17"
+reqwest = { version = "0.11.27", features = ["hickory-dns"] }
 sequoia-cert-store = "0.6.0"
 sequoia-keystore = { version = ">=0.5, <0.7" }
 sequoia-wot = { version = "0.12", default-features = false }

src/commands/network.rs

@@ -857,6 +857,9 @@ pub fn dispatch_fetch(mut sq: Sq, c: cli::network::fetch::Command)
     })?;
     drop(pb);
 
+    // Release all thread pool resources.
+    drop(rt);
+
     Response::import_or_emit(sq, c.output, c.binary, results)?;
     Ok(())
 }