security/acme-client: Add support for Hurricane Electric DDNS API

[Famaku]

Important notices Before you add a new report, we ask you kindly to acknowledge the following:

• [x] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
• [x] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
• [x] When the request is meant for an existing plugin, I've added its name to the title.

Is your feature request related to a problem? Please describe. The DNS API of Hurricane Electric supports 2FA via access tokens. This feature itself is already supported by the acme plugin but not yet exposed via the GUI.

Describe the solution you'd like Currently, in the GUI username/password are supplied for all domains under "Challenge Type". As this new feature replaces username/password with per-domain access tokens, a field for these should be supplied in each certificates' dialogue. To avoid overlap, a checkbox for enabling access tokens could be added to the "Challenge Type" dialogie for Hurricane Electric. If selected, this should add HE_DDNS_KEY="access_token" to /var/etc/acme-client/accounts/[...]/account.conf and upon requesting the certificate call acme.sh with the --dns 'dns_he_ddns' parameter instead of --dns 'dns_he'.

Additional context A discussion of this feature request can be found here: https://forum.opnsense.org/index.php?topic=49404.0

The API is descrived here: https://github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_he_ddns

[fraenki]

So this is a new API (dns_he_ddns) that should be added. This will not extend the functionality of the existing API (dns_he).

[Famaku]

That is correct. This issue is about making API features accessible via GUI which are currently only available via command-line.