define TLS_VERSION, TLS_CIPHER and TLS_CIPHER_STRENGTH for CGI scripts

list instead of fixed-size array for vhosts and locations saves some bytes of memory and removes the limit on the maximum number of vhosts and location blocks.

fix mkdirs: create directories recursively

handle CGI scripts that replies with the maximum header length allowed the 1024 bytes limits is for the META only, not for the whole response. That means that the maximum size for the header line is 1029!

move all sandbox-related code to sandbox.c while there, add capsicum for the logger process

refactoring: imsg everywhere use imsg to handle ALL kinds of IPC in gmid. This simplifies and shorten the code, and makes everything more uniform too.

give each server process its own socket for the executor this fixes a bug introduced with the prefork mechanics: every server process shared the same socket, and this would cause a race condition when multiple server processes asked for a script cgi being executed. This gives each server process its own socket to talk to the executor, so the race cannot happen.

move log_init & vars to gmid.c, retain logger_main in log.c this is to let the regression suite compile

add `log on/off' to enable/disable logs per-location

moving logging to its own process

fix various compilation errors Include gmid.h as first header in every file, as it then includes config.h (that defines _GNU_SOURCE for instance). Fix also a warning about unsigned vs signed const char pointers in openssl.

BUFSIZ is variable, we need *exactly* 1024 Using BUFSIZ in sbuf is not OK. It's variable, and in various places we assume that sbuf is 1024 (like handle_cgi_reply). We could patch those, but we aren't sure BUFSIZ is >= 1024! Let's keep the hardcoded number. (found by debugging on arch on amd64, where BUFSIZ is bigger)

don't mmap Before we mmap(2) file for reading, and use a buffer to handle CGI scripts. Turns out, for sequential access over the whole mmap isn't better than our loop on read. This has also the additional advantage that we can use handle_cgi (now handle_copy) for both files and CGI, which is pretty cool. This also fixes a nasty bug where we could hang a connection forever, because we scheduled the wrong type of event (read on POLLOUT and write on POLLIN, it's the other way around!)

add `require client ca' rule to require certs signed by a CA

define config_path as global variable