Fix #493: Expose ACME structures for user-managed certificate renewal

[andrewbaxter]

Sorry for plowing ahead with this, but I was blocked on it in another project and wanted to make some progress.

Basically this exposes issue_cert along with the surrounding necessary structures, methods, etc. I made the following big changes:

• issue_cert was made public and its responsibilities were restricted to only completing the ACME procedure. Using the certificate is left to the caller (no serializing, no updating the resolver, etc).
• A new simplified (no caching, no spawned TLS update loop) 443 listener was added
• The Http01 port 80 listener was made public

The following shared state structures were also made public

• AcmeClient - used by issue_cert but may be shared across invocations
• ResolveServerCert - used by issue_cert, issue_cert caller, and 443 listener
• http01 key map - used by issue_cert, 80 listener

And some other helper functionality was exposed, methods for avoiding transitive deps, etc.

There's an example showing the usage (just showing the parallel to the fully poem-managed ACME http01 process). I believe it's minimal: there's not a lot of boilerplate and exposed functions and objects have clear uses, etc.

I'm happy to rename/reorg things, improve comments if things are unclear, or if there are other changes needed.

[andrewbaxter]

key_pair was only used by issue_cert and was already accessible via the AcmeClient so I changed issue_cert to access it that way. Otherwise more internal structures would need to be exposed and passed through multiple layers, and I couldn't think of other ways that this would be needed.

[sunli829]

I’m so sorry for taking so long to handle this PR because I’ve been busy with other things. 🙂

[andrewbaxter]

Oh wow, thanks! No worries, and I'm glad you thought it was reasonable!