Add support for --challenge-deploy as an alternative to --acme-dir, also supports DNS-01 challenge style

[adelton]

I'm offering for consideration changes that make it possible to offload the challenge work to external scripts.

So instead of

    --acme-dir /var/www/acme-challenges/

you can use

    --challenge-deploy 'read d t ka ; echo "$ka" > /var/www/acme-challenges/"$t"'

That by itself does not sound useful but it gets useful in situations like

    --challenge-deploy /usr/local/bin/acme-challenge-deploy-to-my-servers

or

    --challenge-deploy 'ssh -i ~/.ssh/acme-deploy acme@web.example.com 2>&1'

The change itself is not ready for merging on top of master as the code exceeds the 200 line limit.

However, when applied on top of other pull requests that are currently open, namely #296, #297, or parts of #273 (I can provide separate PR for just the "Remove comments where the subsequent log.info line can carry the same information" part), it is possible to have this logic within 200 lines.

Moving the challenge deployment logic to external script lends itself nicely to the DNS-01 challenge type support, as the only thing that is needed in the acme-tiny code is a support for the slightly different key authorization token format.

I've been running with this change for a couple of weeks and I feel I can show it now.

[atsampson]

I'd find something like this useful as well. For several years, I've been using a similar but less flexible patch to just run a fixed command after the challenge file is created (in my case, to rsync the challenges from an internal machine to the actual webserver).

You could make it easier to write the challenge commands by passing the arguments as environment variables, rather than to stdin? i.e. _cmd(..., env={"domain": domain, ...})

[adelton]

I went with the stdin proposal because that tends to have the smallest attack surface area against possible exploits. I wonder what others think?

[adelton]

I've now rebased on master.