re-establish fastcgi test

readd proxy certs and `require client ca' support Was temporarly disabled during the transition to real privsep. While here, fix a memory leak when using `require client ca'. Also, avoid leaking info about the parent address space layout to server processes by not sending pointer values.

make ge work again

rework the daemon to do fork+exec It uses the 'common' proc.c from various OpenBSD-daemons. gmid grew organically bit by bit and it was also the first place where I tried to implement privsep. It wasn't done very well, in fact the parent process (that retains root privileges) just fork()s a generation of servers, all sharing *exactly* the same address space. No good! Now, we fork() and re-exec() ourselves, so that each process has a fresh address space. Some features (require client ca for example) are temporarly disabled, will be fixed in subsequent commits. The "ge" program is also temporarly disabled as it needs tweaks to do privsep too.

disable test_unknown_host temporarly breaks on some distro and needs further investigations; it's not that interesting fortunately.

adjust regress to use `ge' for the old configless test

get rid of the CGI support I really want to get rid of the `executor' process hack for CGI scripts and its escalation to allow fastcgi and proxying to work on non-OpenBSD. This drops the CGI support and the `executor' process entirely and is the first step towards gmid 2.0. It also allows to have more secure defaults. On non-OpenBSD systems this means that the sandbox will be deactivated as soon as fastcgi or proxying are used: you can't open sockets under FreeBSD' capsicum(4) and I don't want to go thru the pain of making it work under linux' seccomp/landlock. Patches are always welcome however. For folks using CGI scripts (hey, I'm one of you!) not all hope is lost: fcgiwrap or OpenBSD' slowcgi(8) are ways to run CGI scripts as they were FastCGI applications. fixes for the documentation and to the non-OpenBSD sandboxes will follow.

add tests for the type block

don't skip unit tests when SKIP_RUNTIME_TESTS is set IRI and Punycode tests don't run gmid binary and can be safely executed.

bail out of client_read if we've already decide what to do libevent2 can still somehowe call client_read even in code paths that never enable reading from the evbuffer. Can't reproduce on the libevent in base on OpenBSD. It's a bit ugly, but it's a small workaround for something that otherwise *always* make gmid crash when linked against libevent2. (client_read works under the assumption that c->host != NULL, matched_proxy crashes otherwise.)

add proxying with client certificate test

add a test for the `proxy relay-to' rule

rename `runtime' to `regress' while there also kill an unused rule `regress', it's now redundant since all the tests are run together.