It is needed by users to check certificate of KeDiFa while uploading
certificates.

Use KeDiFa to store keys, and transmit the url to the requester for master
and slave partitions.

Download keys on the slave partitions level.

Use caucase to fetch main caucase CA.

kedifa-caucase-url is published in order to have access to it.

Note: caucase is prepended with kedifa, as this is that one.

Use kedifa-csr tool to generate CSR and use caucase-updater macro.

Switch to KeDiFa with SSL Auth and updated goodies.

KeDiFa endpoint URLs are randomised.

Only one (first) user certificate is going to be automatically accepted. This
one shall be operated by the cluster owner, the requester of frontend master
partition.

Then he will be able to sign certificates for other users and also for
services - so each node in the cluster.

Special trick from https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-command-line
is used for one command generation of extensions in the certificate.
Note: We could upgrade to openssl 1.1.1 in order to have it really
simplified (see https://security.stackexchange.com/a/183973 )

Improve CSR readability by creating cluster-identification, which is master
partition title, and use it as Organization of the CSR.

Reserve slots for data exchange in KeDiFa.

Use safe JSON serialisation/deserialisation, as otherwise unusual
slave_references can lead to issues and also character case is not kept.

Also care about case of log access user, which was undetected since
slave_reference in tests were always lowercase.

As some of the nodes can lag behind, the system can be in state, that those
nodes will send inactive (also destroyed) slave publish information. Before
publishing it to master, check if each of slaves is really present on master.

Tasks:

 - [x] prove it really works on simulated environment
 - [x] check impact on massive simulated environment
 - [x] cover with a test (optionally)
 - [ ] check test results with this change

/reviewed-on nexedi/slapos!519

Each slave rejected by the frontend will report back detailed information
to slave requester in key request-error-list being [json_list_of_found_errors]

Features:

 * jinja2 is used to generate instance templates
 * downloads are done the same way for all resources
 * create with shared content for all instance profiles
 * fill in instance-common with shared sections
 * render templates late in order to ease its extenension and development
 * drop not needd duplicated section
 * drop slap-parameter in frontend and replicate template
 * simplify monitor configuration
 * move instance-parameter to instance file
   Thanks to this only one and topmost profile is reponsible for parsing and
   passing through the information which comes from the network

Therte is no need to control whitespace adding by Jijna2 and dropping it
simplifies the templates.

It will allow to take better control over generated configuration files.

This will make it easier to track changes.

apache-frontend: log access, one per slave

apache-frontend: protect log access with password

apache-frontend: slave publish their log-access-url

apache-frontend: publish all log-access urls

apache-frontend: comment md5 for development

apache-frontend: slapos.recipe.cmmi updated

apache-frontend: fix log access

apache-frontend: specify frontend for the log access

apache-frontend: update md5sum

apache-frontend: update versions

apache-frontend: log access, one per slave

apache-frontend: protect log access with password

apache-frontend: slave publish their log-access-url

apache-frontend: publish all log-access urls

apache-frontend: comment md5 for development

apache-frontend: slapos.recipe.cmmi updated

apache-frontend: fix log access

apache-frontend: specify frontend for the log access

apache-frontend: update md5sum

apache-frontend: update versions

This commit introduce the "replicate" software type. The main instance of type replicate will request frontend and transmit to them all the needed configuration so that it seems transparent.