WIP: Certificate Update Manifests.

This is my first take on Update Manifests. Needs locking, integration tests, and a bit of polish. This is a heads up and request for comments.

The manifests are served using nginx with a little bit of lua to distinguish between requests for ancient history and future, returning 404 and 400 respectively.

The manifests are managed and updated using hagridctl. There are subcommands to parse the log files and produce manifests, merge manifests into buckets, prune old manifests, check for consistency, and to repair inconsistencies.

The idea is to run hagridctl from-log, hagridctl compact, and hagridctl gc using a cronjob, and to use check and recover manually.