TLS key management

[grinapo]

net listen contains the TLS keys. LetsEncrypt periodically rotate keys. We need a sane way to update the running-config with the new keys.

Either by external signal, or by detecting that the files have changed. Maybe it's not always good to automagically reload keys, so maybe this shall be explicitely enabled.

Maybe a full restart is a bit heavy for key replacement.

May be related to #98 .

(Sidenote: one expects to see all the config changed at conf diff while net listen is not part of that. At least a documentation suggestion is due but maybe even convincing conf diff to mention the listening config.)