We should not use $PYTHON, because this implicitly depends on the
python version that was used when the shared part is installed, leading
to this kind of problematic scenarios:
 - install the part from a python2.7 software, this creates scripts
  with "python2.7" in shebang line
 - install a python3 software referencing glib, it uses the shared
  part that was installed with python2, but "python2.7" is not in $PATH

By referencing the part explicitly, it becomes part of the signature
of the part, so a software on python2 and a software on python3 will
use a different version of the shared part.

945a2e97 (proxysql: bundled libinjection needs Python 2, 2021-12-23)
addressed the problem that proxysql was using system python, by placing
slapos' python in $PATH, but it added it after default $PATH, which
made proxysql use system python if available and only fallback to
slapos' python.
This changes the order of $PATH entries to always use slapos' python

python or python2 is system python, which we want to avoid

See merge request nexedi/slapos!1276

Running test as last makes no sense nowadays, as the site is fully prepared.
Awaiting for each possible log of configured frontend is not worth the
requirement, so make those tests as first ones, which simplifies running only
them with reproducible effect.

All tests which could be affected by that fact has been identified and changed.

otherwise it probably uses system's openssl.

Setting rpath seems not needed because we are using
-DBUILD_SHARED_LIBS=OFF here.

https://github.com/sigoden/dufs

New software to serve static files

See merge request nexedi/slapos!1270

caddy-frontend-N is bad name, it's just frontend-node-N.

This option was useful only during the time, when there were experiments
running on caddy-frontend clusters during switch to HTTP/2.

Currently HTTP/2 is a standard, and there is no reason to disable it globally.

Attention, this change will require manual intervention on the upgraded
cluster with:

sed -i 's/^recipe = caddyprofiledeps/recipe = software/g' .installed*

On each partition.

NAME_BASE is set on top of the file with informative warning, so that
developers are aware of consequences.

instance-slave-caddy-simplified-input-schema.json has been removed, as it is
not useful.

Some profiles were templates and vice versa, which was very
misleading.

The most complex case - no automatic https redirection and usage
of url and https-url is used to check implementation of type:redirect now.

3.7.3 is an "urgent" new release as announced in
https://www.postfix.org/announcements/postfix-3.7.3.html
the old 3.7.2 version seem to have bee removed from mirrors
(see http://postfix.mirrors.ovh.net/postfix-release/official/ for a
mirror with directory index) and was not in shacache.