This fixes the permissions on /etc/caddy to match standard linux
permissions for /etc, and makes the Caddyfile read-only for the caddy
user.

This adds new feature to load envs from file provided from command line argument
Implement parsing of the env file for simple KEY=VALUE format

Add REQUEST_SCHEME to fastcgi envs

Fixes https://github.com/mholt/caddy/issues/2152

fastcgi: strip PATH_INFO from SCRIPT_FILENAME (mirroring SCRIPT_NAME)

Otherwise it overflows int type on 32-bit builds

This way we store a short 8-byte hash of the UA instead of the full
string; exactly the same way we store TLS ClientHello info.

And fix a typo in a comment, sigh

Knowing whether Caddy is running in a container is super-useful for
debugging and troubleshooting, as well as for making development-time
decisions, because Docker is one of the top contributors to our
user support burden.

Thanks to Eldin for helping to test it.

Caddy telemetry: a global, server-side perspective of the health of the Internet

Also improve handling of disabled metrics, and record TLS ClientHello
in association with User-Agent

# Conflicts:
#	caddy/caddymain/run.go
#	caddyhttp/httpserver/plugin.go
#	caddytls/client.go

* Enabled configurable Timeout for the proxy directive

* Added Test for reverse for proxy timeout

* Removed Duplication in proxy constructors

* Remove indirection from multiple constructors and refactor into one

* Fix inconsistent error message and refactor dialer initialization

* Regexp support for simple rewrite rule

* Add negate option for simplicity

* ascertain explicit regexp char

* Fixes #1960 Transparent proxy not appending
existing X-Forwarded-For header

* Fixes #1960 Formatting Code

* caddyfile: More robust parsing for 'import' (fixes #2096)

The fix for hanging involves limiting the number of wildcards in an
import pattern to just 1. Otherwise some patterns can expand to the
entire disk.

The other fix requires that the end string for an environment variable
expansion come after the start string.

* caddyfile: Fix more fuzzing errors

- Introduce StrictHostMatching mode for sites that require clientauth
- Error if QUIC is enabled whilst TLS clientauth is configured
  (Our QUIC implementation does not yet support TLS clientauth, but
  maybe it will in the future - fixes #2095)
- Error if one but not all TLS configs for the same hostname have a
  different ClientAuth CA pool

Apparently Cloudflare just caused 1.1.1.1 to resolve, so we have to
change our test IP, hopefully this is better