readd proxy certs and `require client ca' support Was temporarly disabled during the transition to real privsep. While here, fix a memory leak when using `require client ca'. Also, avoid leaking info about the parent address space layout to server processes by not sending pointer values.

fix typo

keep cert/key/ocsp path as strings and don't send them via imsg

remove foreground / verbose from config set them as global vars; rename foreground -> debug

move logger() prototype to gmid.h and delete logger.h

make server_init and server_configure_done 'public' server_configure_done is the code we ran in IMSG_RECONF_END splitted in a separate functions. This is all needed for ge.c which doesn't do privsep but needs to bootstrap the server process.

move log_request to gmid.c so that ge can provide its own log_request without requiring a separate logger process.

move make_socket to config.c and make it private

move some new_* functions from parse.y to utils.c

drop now unused dispatch_imsg

rework the daemon to do fork+exec It uses the 'common' proc.c from various OpenBSD-daemons. gmid grew organically bit by bit and it was also the first place where I tried to implement privsep. It wasn't done very well, in fact the parent process (that retains root privileges) just fork()s a generation of servers, all sharing *exactly* the same address space. No good! Now, we fork() and re-exec() ourselves, so that each process has a fresh address space. Some features (require client ca for example) are temporarly disabled, will be fixed in subsequent commits. The "ge" program is also temporarly disabled as it needs tweaks to do privsep too.

rename PROC_MAX to PREFORK_MAX

adjust comments

move config-related code to config.c reuse it in ge too.

remove unused define