Add certificate watcher for external certs to reload nginx

In case of TLS_FLAVOR=[mail,cert], the user supplies their own certificates.
However, since nginx is not aware of changes to these files, it cannot
reload itself e.g. when the certs get renewed.

To solve this, let’s add a small daemon in the place of
`letsencrypt.py`, which uses a flexible file-watching framework and
reloads nginx in the case the certificates change ….
This commit is contained in:
Dario Ernst
2018-12-06 16:48:26 +01:00
committed by root
parent c25c646909
commit 1aa97c9914
3 changed files with 66 additions and 1 deletions

@@ -9,6 +9,8 @@ if os.path.exists("/var/run/nginx.pid"):
if os.environ["TLS_FLAVOR"] in [ "letsencrypt","mail-letsencrypt" ]:
subprocess.Popen(["/letsencrypt.py"])
elif os.environ["TLS_FLAVOR"] in [ "mail", "cert" ]:
subprocess.Popen(["/certwatcher.py"])
subprocess.call(["/config.py"])
os.execv("/usr/sbin/nginx", ["nginx", "-g", "daemon off;"])
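
Review bot: In the new `elif` branch, `subprocess.Popen(["/certwatcher.py"])` is launched and its handle discarded just before `os.execv` replaces this process with nginx, so nothing notices if the watcher fails to start or exits later. nginx would then keep serving the old certificate after a renewal, with no signal to the operator. Suggest running the watcher under supervision, or at least logging its start and exit, so a dead watcher is visible. Also, `os.environ["TLS_FLAVOR"]` is now indexed in two branches and raises KeyError when unset; reading it once into a local and handling unknown values explicitly would make the "no watcher started" fall-through a deliberate case rather than a silent one.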