Why though? Why use the Wireguard protocol at all if you're gonna run it over TCP/TLS? I feel like you're missing the beauty of it. Just fork wireguard-go and write a WSS driver for netstack and tun if you don't want to use the innovative part of the proto.