This is great! We wrote https://godoc.org/github.com/spacemonkeygo/tlshowdy (which takes a slightly different approach) to make it take even less code than 105 lines, if that helps anyone. See the Peek method (which will return the ClientHello and a new Conn with the handshake bytes restarted).
It looks like multiple people are going with the same approach that lets one dispatch its request depending on the SNI header.
I owe credit to calico whose identical idea let me do sni-shunt.
I would be happy if that idea did spread around everywhere, as it is a nice combo.
The actual syscall is recv(2) with the MSG_PEEK flag, which I guess Go uses for this.
FYI, you can use the nginx ssl preread module instead, which I discovered when I needed similar functionality. I believe Apache has something similar.
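The peek-and-replay idea discussed in this thread, as an added example that is not tlshowdy's code or any commenter's: it uses only the Go standard library, records the bytes crypto/tls consumes with io.TeeReader rather than MSG_PEEK, and sends the probe's writes to io.Discard so nothing reaches the client. The names tapConn, peekSNI and demo and the hostname backend.example.test are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"fmt"
	"io"
	"net"
)

// tapConn reads from r and writes to w; all other methods are the real conn's.
type tapConn struct {
	net.Conn
	r io.Reader
	w io.Writer
}

func (c tapConn) Read(p []byte) (int, error)  { return c.r.Read(p) }
func (c tapConn) Write(p []byte) (int, error) { return c.w.Write(p) }

// peekSNI parses the ClientHello without answering and returns a replaying conn.
func peekSNI(conn net.Conn) (string, net.Conn, error) {
	var seen bytes.Buffer // every byte consumed while parsing
	var hello *tls.ClientHelloInfo
	cfg := &tls.Config{GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
		hello = h
		return nil, fmt.Errorf("stop after ClientHello") // abort the probe handshake
	}}
	err := tls.Server(tapConn{conn, io.TeeReader(conn, &seen), io.Discard}, cfg).Handshake()
	if hello == nil {
		return "", nil, fmt.Errorf("no ClientHello parsed: %w", err)
	}
	return hello.ServerName, tapConn{conn, io.MultiReader(&seen, conn), conn}, nil
}

// demo runs peekSNI over an in-memory pipe against a constructed client.
func demo() (string, byte, error) {
	cli, srv := net.Pipe()
	defer cli.Close()
	go tls.Client(cli, &tls.Config{ServerName: "backend.example.test"}).Handshake()
	name, replay, err := peekSNI(srv)
	if err != nil {
		return "", 0, err
	}
	first := make([]byte, 1)
	_, err = io.ReadFull(replay, first)
	return name, first[0], err
}

func main() { fmt.Println(demo()) }
```

A real listener would set a read deadline on the connection before calling peekSNI, because the ClientHello arrives before any authentication. The SNI value is client-supplied, so a dispatcher should match it against a fixed list of backends rather than use it directly as a dial target.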