fixes for -Wpointer-sign

add a privsep crypto engine Incorporate the OpenSMTPD' privsep crypto engine. The idea behind it is to never load the certificate' private keys in a networked process, instead they are loaded in a separate process (the `crypto' one) which signs payloads on the behalf of the server processes. This way, we greatly reduce the risk of leaking the certificate' private key should the server process be compromised. This currently compiles only on LibreSSL (portable fix is in the way).

move print_conf and make it take the config as argument

parse_conf: don't die on error, return -1 this avoids having the daemon dieing on SIGHUP with a bad config file.

don't have the config being a global

move hosts into the config struct

move fastcgi from global var to the config struct while here also make them a list rather than a fixed-size array.

readd proxy certs and `require client ca' support Was temporarly disabled during the transition to real privsep. While here, fix a memory leak when using `require client ca'. Also, avoid leaking info about the parent address space layout to server processes by not sending pointer values.

fix typo

keep cert/key/ocsp path as strings and don't send them via imsg

remove foreground / verbose from config set them as global vars; rename foreground -> debug

move logger() prototype to gmid.h and delete logger.h

make server_init and server_configure_done 'public' server_configure_done is the code we ran in IMSG_RECONF_END splitted in a separate functions. This is all needed for ge.c which doesn't do privsep but needs to bootstrap the server process.

move log_request to gmid.c so that ge can provide its own log_request without requiring a separate logger process.

move make_socket to config.c and make it private