It is needed by users to check certificate of KeDiFa while uploading
certificates.

Each time new slave appears the kedifa-updater has to be run immediately, in
order for certificates to be properly setup.

Otherwise caddy can be left in non-runnable state until next kedifa-updater
would run again.

Improvements:

 * report processed file
 * process all files even if one is incorrect
 * report errors with exit code

/reviewed-on nexedi/slapos!558

Add missing keys and fix types.

URLs to generate authentication and to upload keys uses self-signed
certificates, which can't be verified.

caddy-frontend master partition does not implement any promise in etc/promise,
all is migrated to etc/plugin

is-process-older-than-dependency-set is not needed, since monitor stack does
not require the older-than-dependecy-set promise.

promise-monitor-httpd-is-process-older-than-dependency-set promise is not
needed anymore, as hash-files are used.

caddy-frontend-is-running-actual-software-release promise is not needed
anymore, as hash-files are used.

/cc @tomo

/reviewed-on nexedi/slapos!555

@rafael I think it would be useful if people can request an NBD server to hold custom image. What do you think ?

/reviewed-on nexedi/slapos!552

This reverts commit 6d2019b965f4a3521b651f2cb9ef241dce29af55, as new caddy
has issues with tls certificate configuration:
https://github.com/mholt/caddy/issues/2588

About nxd-v0.11.5-4-g9d3151db:

 * not released yet functionality for regular expression cookie rewriting
   is available: https://github.com/mholt/caddy/pull/2144

 * not released yet functionality for ca_certifices in proxy:
   https://github.com/mholt/caddy/pull/2380

 * support for builtin log rotation disabling

Since caddy 1.0.0 it is less fragile for PEMs with some garbage, and can
serve sites in such cases.

It revealed, that test was wrongly written, as now the certificate can be a
bit messy, and will be lodaded, but then won't be used, as it does not
match the site.

It's released, let's use the newest version.

This reverts commit 467269a1.

This is just a temporary revert until there is no failures
to build. Right now it fails with :
OSError: [Errno 2] No such file or directory

Building perl on chrome OS crashes because of probing,
during which LD_LIBRARY_PATH is overwritten.
Instead of fixing this bug we can just use this patch created for
another reason but that removes probing:
https://sources.debian.org/src/perl/5.28.1-6/debian/patches/fixes/storable-probing/

There is a test result for this, even if it fails for erp5 and seleniumserver, it feels like it's unrelated to this change: 
https://nexedijs.erp5.net/#/test_result_module/20190423-28D5C67E?uid=2020442141

/cc @tomo @kazuhiko @jm

/reviewed-on nexedi/slapos!551

Fixes FTBFS on recent gcc:
logrotate.c: In function 'prerotateSingleLog':
logrotate.c:1328:6: error: 'strncat' specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
      strncat(tempstr, rotNames->baseName, baseLen - extLen);
      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
logrotate.c:1320:19: note: length computed here
  size_t baseLen = strlen(rotNames->baseName);
                   ^~~~~~~~~~~~~~~~~~~~~~~~~~
logrotate.c:1347:2: error: 'strncat' specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
  strncat(tempstr, rotNames->baseName,
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   strlen(rotNames->baseName) - strlen(log->extension));
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
logrotate.c:1348:3: note: length computed here
   strlen(rotNames->baseName) - strlen(log->extension));
   ^~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

To get new gnulib, fixing build on modern glibc.

4.6.0, the current latest release, is already years old and fails to build
on recent glibc (bundled gnulib is too old).

In order to fix (at least) gcc 5.5 build on gcc 8.3.0 .