change the default PUBKEY for the verify-release target doesn't play well with minor releases such as 2.0.1 since for them I reuse the 2.0 key.

install titan too while here, sort the binaries and the manpages by section and name.

fix release target; add verify-release

add signify pubkeys

fix SRCS and DISTFILES; forgot iri.h, landlock is long gone

`make lint' to check titan.1 too

pass LDFLAGS before LIBS

remove configure.local{,.example} unused, un-updated and ignored for quite some time now.

resurrect landlock support this time targetting ABI level 3; partially based on how claudio@ handled it in rpki-client. Fun how this bit of code has come full circle (gmid inspired what I wrote for got, which inspired what was written for rpki-client, which has come back.)

bundle libtls gmid (like all other daemons that want to do privsep crypto) has a very close relationship with libtls and need to stay in sync with it. OpenBSD' libtls was recently changed to use OpenSSL' EC_KEY_METHOD instead of the older ECDSA_METHOD, on the gmid side we have to do the same otherwise failures happens at runtime. In a similar manner, privsep crypto is silently broken in the current libretls (next version should fix it.) The proper solution would be to complete the signer APIs so that applications don't need to dive into the library' internals, but that's a mid-term goal, for the immediate bundling the 'little' libtls is the lesser evil. The configure script has gained a new (undocumented for the time being) flag `--with-libtls=bundled|system' to control which libtls to use. It defaults to `bundled' except for OpenBSD where it uses the `system' one. Note that OpenBSD versions before 7.3 (inclusive) ought to use --with-libtls=bundled too since they still do ECDSA_METHOD.


two more missing ge -> gemexp

rename ge -> gemexp gemserv is already taken...

add missing -include titan.d

add titan(1) -- a draft titan client