We don't always do privilege dropping (as we may start as unprivileged user), so set these two beforehand so when we skip privdrop we don't miss to set privsep_process and set the process' title.

avoids issues since the same file is sent to multiple processes after being dup()'ed. Since these files are meant to be regular files, I don't expect short reads.

while here add an explicit flush to avoid a fd rampage.

i.e. not hardcode PROC_SERVER

prime256v1 should be perfectly fine for all I understand, but OpenBSD' acme-client uses secp384r1 and who am I to disagree :)

Don't have all the processes read gmid.conf. The parent needs to do that, and the will send the config to the children (already happening.) The other processes were reading the config anyway to figure out the user and the chroot (if enabled); make the parent pass additional flag to propagate that info. We dissociate a bit from the "usual" proc.c but it's a change worth having.

this avoids having the daemon dieing on SIGHUP with a bad config file.