Commit Briefs

Omar Polo

refactor landlock

refactor the landlock-related code into something more manageable. The only real difference is that before the logger process would try to landlock itself to "/" without perms, something that landlock doesn't support (now it enables landlock and then restricts itself, which is the correct move.)


Omar Polo

mention the thanks to cage for the bugfix

Since I was in a hurry, I forgot to mention it in the tag message :/


Omar Polo

sync release


Omar Polo

fix possible out-of-bound access

While computing the parent directory an out-of-bound access can occur, which usually means the server process dies. In particular, it can be triggered by making a request for a non-existent file in the root of a virtual host if the path matches the `cgi` pattern. Thanks cage for helping in debugging!


Omar Polo

style


Omar Polo

change struct initialization

makes more explicit which fields we're setting. (and kill an extra empty line)


Omar Polo

fmt


Omar Polo

use memset(3) rather than bzero(3)

There's no difference, but bzero(3) says

    STANDARDS
    The bzero() function conforms to the X/Open System Interfaces option of the IEEE Std 1003.1-2004 (“POSIX.1”) specification. It was removed from the standard in IEEE Std 1003.1-2008 (“POSIX.1”), which recommends using memset(3) instead.

so here we are.


Omar Polo

drop unnecessary bzero

the whole struct client is already memset'd to 0 in do_accept. handle_handshake doesn't touch the request or iri buffer in the code path that leads to handle_open_conn. (It does so in the error router alone.)


Omar Polo

making more explicit the case of missing SNI

Missing SNI (i.e. servname == NULL) is already handled correctly. puny_decode refuses to work on NULL servname, c->domain is still the empty string and everything flows as expected towards the error at the end. However, it's better to bail out early and make more explicit how the case of missing SNI is handled.


Omar Polo

Improve gmid.service

Changed gmid.service to not fork the server and forced to run under user "gmid". gmid now waits for the network stack being available before starting. Also "gmid" is now the syslog id.


Omar Polo

sync changelog


Omar Polo

landlock the logger process too

Disallow everything landlock can handle. The logger process doesn't need any fs access (on OpenBSD it runs with pledge("stdio recvfd")).



Omar Polo

mention landlock in the README