Some arguments needs Caddy process restart, so implement it with
hash-files and also inform the master partition requester about parameters
which will result with process restart.

Kedifa partition was missing monitoring at all, so add it and monitor kedifa
and exposer ip and port.

Partition running caddy was missing monitoring for exposer, so add it.

Use unreal address to avoid any tries for network connectivity.

Kedifa requires some time to process new slave, and during that time the key
download URL is not available, but as it is required for proper mapping file,
use some url to mimic it.

Recent setuptools found a way to install by downloading wheels from PyPI.
But we want to control the versions of all components.

Buildout's kedifa updater just prepares, and so real one has to be run.

During buildout run no network communication is required in order to prepare
fallback certificates, so call kedifa-updater with --prepare-only

It is needed by users to check certificate of KeDiFa while uploading
certificates.

Each time new slave appears the kedifa-updater has to be run immediately, in
order for certificates to be properly setup.

Otherwise caddy can be left in non-runnable state until next kedifa-updater
would run again.

Improvements:

 * report processed file
 * process all files even if one is incorrect
 * report errors with exit code

/reviewed-on !558

Add missing keys and fix types.

URLs to generate authentication and to upload keys uses self-signed
certificates, which can't be verified.

caddy-frontend master partition does not implement any promise in etc/promise,
all is migrated to etc/plugin

is-process-older-than-dependency-set is not needed, since monitor stack does
not require the older-than-dependecy-set promise.

promise-monitor-httpd-is-process-older-than-dependency-set promise is not
needed anymore, as hash-files are used.

caddy-frontend-is-running-actual-software-release promise is not needed
anymore, as hash-files are used.

/cc @tomo

/reviewed-on nexedi/slapos!555

@rafael I think it would be useful if people can request an NBD server to hold custom image. What do you think ?

/reviewed-on !552

This reverts commit 6d2019b965f4a3521b651f2cb9ef241dce29af55, as new caddy
has issues with tls certificate configuration:
https://github.com/mholt/caddy/issues/2588

About nxd-v0.11.5-4-g9d3151db:

 * not released yet functionality for regular expression cookie rewriting
   is available: https://github.com/mholt/caddy/pull/2144

 * not released yet functionality for ca_certifices in proxy:
   https://github.com/mholt/caddy/pull/2380

 * support for builtin log rotation disabling

Since caddy 1.0.0 it is less fragile for PEMs with some garbage, and can
serve sites in such cases.

It revealed, that test was wrongly written, as now the certificate can be a
bit messy, and will be lodaded, but then won't be used, as it does not
match the site.

It's released, let's use the newest version.