Standalone broker (independent of App Engine)

Currently the broker code is implemented only for App Engine; i.e. it doesn't have a main function and relies on being invoked using the App Engine APIs.

Instead, the broker should run as a standalone HTTPS server somewhere, and App Engine should only be a dumb request/response forwarder (we can steal the forwarder code from meek). That will make it possible to easily add domain fronts other than Google (#22782 (moved)), and any secret data we handle on the broker won't have to be revealed to Google.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information