proxy: fix channel binding error messages (#6054)

## Problem

For channel binding failed messages we were still saying "channel
binding not supported" in the errors.

## Summary of changes

Fix error messages

proxy/src/sasl.rs

@@ -30,6 +30,9 @@ pub enum Error {
     #[error("Bad client message: {0}")]
     BadClientMessage(&'static str),
 
+    #[error("Internal error: missing digest")]
+    MissingBinding,
+
     #[error(transparent)]
     Io(#[from] io::Error),
 }
@@ -38,8 +41,7 @@ impl UserFacingError for Error {
     fn to_string_client(&self) -> String {
         use Error::*;
         match self {
-            // TODO: add support for channel binding
-            ChannelBindingFailed(_) => "channel binding is not supported yet".to_string(),
+            ChannelBindingFailed(m) => m.to_string(),
             ChannelBindingBadMethod(m) => format!("unsupported channel binding method {m}"),
             _ => "authentication protocol violation".to_string(),
         }

proxy/src/scram/exchange.rs

@@ -106,14 +106,14 @@ impl sasl::Mechanism for Exchange<'_> {
 
                 let channel_binding = cbind_flag.encode(|_| match &self.tls_server_end_point {
                     config::TlsServerEndPoint::Sha256(x) => Ok(x),
-                    config::TlsServerEndPoint::Undefined => {
-                        Err(SaslError::ChannelBindingFailed("no cert digest provided"))
-                    }
+                    config::TlsServerEndPoint::Undefined => Err(SaslError::MissingBinding),
                 })?;
 
                 // This might've been caused by a MITM attack
                 if client_final_message.channel_binding != channel_binding {
-                    return Err(SaslError::ChannelBindingFailed("data mismatch"));
+                    return Err(SaslError::ChannelBindingFailed(
+                        "insecure connection: secure channel data mismatch",
+                    ));
                 }
 
                 if client_final_message.nonce != server_first_message.nonce() {