Simplify code a bit.
Change directory when starting caucased, so all files are stored inside
test's temporary directory (and not just the database).
Tolerate caucased not immediately starting.
Fix CA presence tests (well this is embarrassing).
List test directory content when failing, as it will get deleted shortly
after.

In shell/caucase.sh line 1134:
    trap "kill \"$caucased_pid\"; wait; rm -rf \"$tmp_dir\"" EXIT
                 ^-----------^ SC2064: Use single quotes, otherwise this expands now rather than when signalled.
                                                 ^------^ SC2064: Use single quotes, otherwise this expands now rather than when signalled.

These variables are local, so immediate expantion is expected.

Basically, wrap stdout and stderr whenever they do not have an encoding
with an ascii-encoding writer, and write unicode to stdout & stderr.
wsgi.errors is defined in the reference implementation as being a StringIO,
so follow that.
Stop using argparse.FileType to get rid of python3 "file not closed"
errors.
Also, fix setup access to CHANGES.txt .
Also, fix 2to3 involvement.
Also, replace test.captureStdout with extra tool arguments.

Make coverage tests tolerate the no-op code path where the backup ends
right on a block boundary not being exercised.

Test backup chunk boundaries.
Test absence of a backup before the first user is created.

Resolve deprecation warnings in tests:
caucase/ca.py:548: CryptographyDeprecationWarning: Extension objects are deprecated as arguments to from_issuer_subject_key_identifier and support will be removed soon. Please migrate to passing a SubjectKeyIdentifier directly.
  critical=False,
caucase/ca.py:326: CryptographyDeprecationWarning: Extension objects are deprecated as arguments to from_issuer_subject_key_identifier and support will be removed soon. Please migrate to passing a SubjectKeyIdentifier directly.
  x509.SubjectKeyIdentifier,
caucase/test.py:422: CryptographyDeprecationWarning: Extension objects are deprecated as arguments to from_issuer_subject_key_identifier and support will be removed soon. Please migrate to passing a SubjectKeyIdentifier directly.
  critical=False,

Always wait at least 60 seconds between consecutive wake-ups. Avoids
spamming server and local logs with attempts in case of temporary issues
(ex: network).

Load CRL expiration date even when it has not just been renewed.
Also, request a newer CRL before local one expires (7 days by
default).

Allowing clients to have a period of CRL validity overlap.

Rerun with updated nxd-relicense. This actually changes license text in
every file.

Before:

	W: caucase/__init__.py: cannot find license start
	W: caucase/_version.py: no copyright
	W: caucase/ca.py: cannot find license start
	W: caucase/cli.py: cannot find license start
	W: caucase/client.py: cannot find license start
	W: caucase/exceptions.py: cannot find license start
	W: caucase/http.py: cannot find license start
	W: caucase/http_wsgibase.py: cannot find license start
	W: caucase/storage.py: cannot find license start
	W: caucase/test.py: cannot find license start
	W: caucase/utils.py: cannot find license start
	W: caucase/version.py: cannot find license start
	W: caucase/wsgi.py: cannot find license start
	W: setup.py: cannot find license start
	W: shell/caucase.sh: cannot find license start
	W: versioneer.py: no copyright

After:

	W: caucase/_version.py: no copyright
	W: versioneer.py: no copyright

Add FOSS licence exception.
Fix copyright holder name.

Since "ca: Do not use a 128bits OID arc for caucase internal use" new OIDs
are used, but the migration was not tested, so it's added here.

@jerome 
@vpelletier ,

Tests do pass at
https://nexedi.erp5.net/test_result_module/20200122-713A91C9/view?ignore_layout:int=1

/reviewed-on !12

Many software packages do not support 128 bits arcs in OIDs (see
https://misc.daniel-marschall.de/asn.1/oid_facts.html#chap4), use a
registered OID instead.

Certificates emitted using the legacy OID are migrated to the new OID on
renewal.

Mix of work by Vincent Pelletier <vincent@nexedi.com> and
Thomas Gambier <thomas.gambier@nexedi.com> finished by
Lukasz Nowak <luke@nexedi.com>

Just like other places in caucase-updater, print the next time of wake up.
This information is useful in logs, for debugging caucase-updater problems.

/reviewed-on !6

Timedeltas between utcnow() and now() depend on system timezone, so
they can last many hours when a few seconds is intended.

The now() here was entered by mistake.

/reviewed-on !5

Reduces backslash-doubling crazyness.

...when connection is used as a context manager (which is the expected
coding style anyway).
If silently ignored, rollback may be incomplete if a subtransaction already
committed.
And if commit only happen at outmost transaction, no-undo changes could
come undone if outer transaction aborts.

This is currently observed in the code, so no other change is needed.

This is used for serialisation, and there is no need for sub-second
precision.

- 405 (Method Not Allowed) response contains the list of methods allowed on
  current resource
- all responses contain a Date header

Makes test a bit more readable by naming what each value is.