Changes:

 * traffic_cop was removed, so use traffic_manager directly
 * logging.config was changed to logging.yaml
 * made records.config and storage.config similar to original files
 * proxy.config.admin.synthetic_port option was removed
 * proxy.config.process_manager.mgmt_port option was removed
 * test: ignore traffic.out in logs
 * test: update ATS version
 * pqsn field was removed and replaced with shn, so follow upstream:
   https://github.com/apache/trafficserver/commit/b0969c91ebc52b37f4c3195ec17d4d0c1c18650c
 * add a test to prove squid.log working, as upgrade resulted with not
   created file

Thanks to using check_execute_command with logrotate -d one can assure, that
logrotate is for sure correctly configured.

By disabling delaycompress filenames are going to be stable, on delaying the
compression is not needed.

By copy paste mistake wrong log files were configured for log rotation,
resulting with damaging logrotate for the whole partition.

By using nginx it's possible to set it up to expose logs nicely with the
real frontend.

furl is used to rewrite URL from the frontend to add proper username and
password information.

Backend logs are exposed as usual access and error logs.

By using rsyslogd templates and regex filtering, the rsyslogd reacts itself
and creates needed files per each slave which accesses it. Thanks to this, it's
configuration is static from point of view of SlapOS profiles, and can be
generated once.

As the rsyslogd configuration became fully special to backend-haproxy, the
rsyslogd template filename and its references has been correctly renamed.

Logs are critical for caddy-frontend, so let's configure rotate-num locally,
as changes in the stack can come unattended, and can result with loosing logs.

By default do not offer authentication certificate, the switch
authenticate-to-backend can be used on cluster or slave level to control
this feature.

rsyslogd is used, as haproxy does not support writing log files by its own.

This is needed in order to provide future support for client certificates
to the backend.

Also it means that haproxy is used in all cases, with or without cache, and as
a result the "cached" version of caddy is dropped.

Let haproxy setup maxconn by itself, as it's wise enough.

Also trust that it'll detect and use proper limits, instead enforcing them in
the shell with ulimit trick (ulimit -n $(ulimit -Hn)).

As empty server alias can impact the configuration, add proper test for
checking it.

Instead of passing various kedifa information to the profile generating
configuration use section kedifa-configuration and access later such grouped
values.

In context of frontend node reuse passed directory section to slave
configuration to improve readability and simplify future enhancements.

QUIC is not used at all, and became superseded by HTTP/3

Customized configuration support is not used since introduction of
Caddy software, so there is no need to support it anymore.

This allows to use monitor-setup-url correctly.

Instead of forcing to set monitor port in some cases, just generate them,
so it's possible to correctly instantiate caddy-frontend on one partition
scenario like in webrunner or tests.

Caddy by itself does not raise soft limit of open files, so it has to be set
by the wrapper.

As slapos.cookbook:wrapper can't be used for such case, the
slapos.recipe.template:jinja2 recipe inline style is used to have full
control over the created wrapper.

/reviewed-on nexedi/slapos!678

Prevent creating 2 wrapper for the same service if hash changed. Here, one service is exited because port is used by the firt to service to start:

    slappart6:runner-sshd-4248650e36a9a26a6481df1baffd9f58-on-watch                RUNNING   pid 27835, uptime 0:03:45
    slappart6:runner-sshd-b3b68f4278ceb84691ec27521ea229eb-on-watch                EXITED    Mar 06 04:52 PM

To achieve that, update slapos.cookbook and use hash-existing-files option of wrapper recipe

hash-existing-files list all the files used for hash that are not
handled by buildout. For those files, the hash is calculated as soon as
the __init__ function so that if there is a change in those files,
buildout will remove the existing wrapper (it will uninstall the
section) and replace it with the new wrapper.

/reviewed-on nexedi/slapos!525

Caddy and ATS shall have same timeouts for the requests.

It defaults to 600s, which is good reasonable chosen before.

/reviewed-on nexedi/slapos!597

Instead of expensive and long checking of the configuration during promise run
read last stored state.

This decouples configuration validation calculation from promise check. The
validation information is updated often (on each configuration change, on each
reload, etc) and every 2 hours.

Validation happens on each configuration change, but for sure it is checked
each 2 hours.

State of configuration is calculated in separate script.

Move files from var/log/trafficserver/*old to
srv/backup/logrotate/trafficserver, xz them and clean files older than a
year.

Some arguments needs Caddy process restart, so implement it with
hash-files and also inform the master partition requester about parameters
which will result with process restart.

caddy-frontend master partition does not implement any promise in etc/promise,
all is migrated to etc/plugin

caddy-frontend-is-running-actual-software-release promise is not needed
anymore, as hash-files are used.

There is no need anymore to have two processes for normal and nginx slaves,
as nginx ones are served by caddy anyway.

Also inform the requester that type:eventsource is not implemented.

Since Caddy v0.11.4 it is possible to disable log rotation, thus disable it
and rely purely on SlapOS defined log rotation.

See https://github.com/mholt/caddy/releases/tag/v0.11.4

This also means that caddy source is fetched directly from upstream, as all
required fixes has been incorporated into the upstream.

Since https://github.com/mholt/caddy/releases/tag/v0.11.4 TLS-SNI challenge
is replaced by ACME TLS-ALPN challenge, so switch has changed.

Drop direct usage of gowork for now, in order to have caddy built using go
module, support for gowork with go modules might come later.

/reviewed-on nexedi/slapos!544

Instead of complex architecture in the profiles, reuse kedifa-updater
capability to do backward compatibility certificate management thanks to its
fall-back mechanism.

kedifa-updater uses state file to know, if it ever succeed to download
certificate from KeDiFa, and so it really makes it that pushing at least once
certificate to KeDiFa, even if it is sometimes unresponsive, will switch to
it.

Fallback certificate is used, thus each slave listens immediately on HTTP and
HTTPS. Thanks to this, asynchronous updates do not need to communicate with
slapos node instance, and slapos node instance does not care about the
certificates anymore.

Instead of fetching certificates on each slapos node instance use new
kedifa-updater, which is a tool to asynchronously fetch certificates and
has a hook to reload the server in case if new certificate is available.

custom_ssl_directory is NOT BBB

This is consistent across usage in caddy-frontend and allow better reusage.