try all IPs to get rid of `--resolve`

The --resolve options allows to tell openconnect to use a specific IP address for a hostname so it will not try to look it up but instead use the given one. That allows to use the same IP for a connection which was used by a previous authentication, with some sort of authentication application.

I am currently writing a python script to use a regular web-browser as authentication application. With the use of https://pypi.org/project/browser-cookie3/ cookies can be stolen and passed on to openconnect.

That allows me to implement rather involved MFA based on OpenSC, FIDO2, client-certificate simply using a browser like firefox or chrome with a fresh profile every single time. That script already works well, and i might share it some day.

Only big remaining problem would be getting the IP that the browser used from it. I might be able to trick it with namespace and an /etc/hosts but i wonder why openconnect can not simply try all A and AAAA records should one cause auth issues.

Having such a retry feature would simplify auth applications and make --resolve merely an optional performance switch. Which i think is beneficial anyhow because learning about --resolve usually goes the "hard way" like in #359 (closed)