Add the 'connect_timeout' and 'request_max_timeout' configuration
fields, to control respectively the initial connection timeout, and
the maximum time for each individual request. This allows fine-tuning
of the expected performance of specific backends, for example to let
optional backends fail fast.

We're using language-specific Markdown templates to allow simultaneous
generation of text and HTML for fancy multipart/alternative
emails. The package also supports PGP/MIME for signatures (no
encryption yet).

The Context in the http.Request is bound to the one we give it when
calling balancedBackend.do(), so we were accessing it out of scope
when calling the final json.Decode on the response body.

This was not a problem for most *small* requests, as the response Body
already contains all the data due to having read it along with the
headers. However, larger response bodies would cause json.Decode to
call a Read with what at that point is a canceled Context, so the Call
function would return a mysterious "context canceled" error.

(Note that this change introduces a minor, probably less annoying,
issue, where we can't reset "resp" between successive calls so we may
be invoking json.Decode on a non-pristine object if the first call
fails in some circumstances).

Since the idle time can be long, persistent connections could have
prevented a timely server shutdown.

The encoded public key is actually 65 bytes long, not 64.

This is shared code used by id/auth, id/keystore, and others. Unifying
it into its own package helps prevent drift among implementations.

Allows for failover in case a target times out.

Trace requests on client and server HTTP traffic, using a system-wide
configuration file to control reporting.

And return the right error code (403, not 401).

For uniformity with the serverutil package. Also, make error checking
on client TLS setup a bit stricter.

Just use backoff.Retry() straight away without a wrapper.

To match the previous calling convention for DoJSONHTTPRequest and
reduce confusion when migrating from the old API.

Implement a simpler API for the Backend interface, removing most old
public methods and replacing them with a single Call() method, making
the package look a bit more like an actual rpc package (so, hopefully,
easier to replace in the future).

Creation of sharded/replicated clients was swapped, sigh.

Encryption keys are stored themselves encrypted using a
password (kdf+aes-siv construction).

This package was moved over from git.autistici.org/id/keystore and
completely refactored.

The API makes it easier to set custom parameters on hashers. Default
Argon2 parameters were also set to defaults more suited for a
high-traffic authentication service.

Doh, don't know how this was missed until now.

Fixes include:
* only notify systemd after the network socket has been opened
* add net/http/pprof debug handlers
* add /health endpoint for Prometheus blackbox prober

Allows users to specify a set of trusted forwarders in the
configuration, and then using github.com/gorilla/handlers.ProxyHeaders
to rewrite the http.Request parameters according to X-Forwarding-* and
X-Real-IP headers.

Reduces cyclomatic complexity score and makes code more readable.