Only listen on ldapi:/// during bootstrapping

[alubbock]

Currently, slapd listens on ldap:/// and ldapi:/// during bootstrapping, which means that external connections to the container can get accepted before the bootstrapping is complete. This causes issues when using custom LDIF files, which may not have fully processed by the time an external query is made.

This PR changes the startup.sh script to make slapd only listen on ldapi:/// (effectively local-only access) during the bootstrapping stage. This should also help when using Kubernetes readiness probes, which may get prematurely triggered during the bootstrap stage when the container should not be accepting connections.