less logger.h

make server_init and server_configure_done 'public' server_configure_done is the code we ran in IMSG_RECONF_END splitted in a separate functions. This is all needed for ge.c which doesn't do privsep but needs to bootstrap the server process.

remove debug code

rework the daemon to do fork+exec It uses the 'common' proc.c from various OpenBSD-daemons. gmid grew organically bit by bit and it was also the first place where I tried to implement privsep. It wasn't done very well, in fact the parent process (that retains root privileges) just fork()s a generation of servers, all sharing *exactly* the same address space. No good! Now, we fork() and re-exec() ourselves, so that each process has a fresh address space. Some features (require client ca for example) are temporarly disabled, will be fixed in subsequent commits. The "ge" program is also temporarly disabled as it needs tweaks to do privsep too.

switch to the more usual log.c

rename log.[ch] to logger.[ch]

move and dedup the tls initalization in server.c

provide a more usual fatal fatal usually appends the error string. Add 'fatalx' that doesn't. Fix callers and move the prototypes to log.h

move some server-related code to server.c

send capsicum/landlock/seccomp hack to Valhalla

typo

make the various strings in the config fixed-length will help in future restructuring to have fixed-size objects.

server: inline dispatch_imsg

add ge: gemini export!

optionally disable the sandbox on some systems The FreeBSD and Linux' sandbox can't deal with `fastcgi' and `proxy' configuration rules: new sockets needs to be opened and it's either impossible (the former) or a huge pain in the arse (the latter). The sandbox is still always used in case only static files are served.