This is a hedge against any bugs that may cause the badge to hang when
left running for a long time, and it also means that badges will
effectively check for updated code once a day.

Doesn't seem to be used anywhere; may have been inherited from flash
proxy.

math/rand always uses a deterministic seed. The sequence of session IDs
was therefore always the same:
	Uv38ByGCZU8WP18PmmIdcg
	lWbHTRDYaB0NhtHpHgAWeQ
	...

Multiple copies of this program would have had session ID collisions. I
don't know what the consequences of that would be.

This way, we don't lose state of certificates every time the process is
restarted. There's a possibility, otherwise, that if you have to restart
the server rapidly, you might run into Let's Encrypt rate limits and be
unable to create a cert for a while.
https://godoc.org/rsc.io/letsencrypt#hdr-Persistent_Storage

This removes the --tls-cert and --tls-keys options and replaces them
with --acme-hostname and (optional) --acme-email. It uses
https://godoc.org/golang.org/x/crypto/acme/autocert, which is kind of a
successor to https://godoc.org/rsc.io/letsencrypt.

The autocert package only works when the listener runs on port 443. For
that reason, if TOR_PT_SERVER_BINDADDR asks for a port other than 443,
the program will open an *additional* listening port on 443. If there is
an error opening the listener, it is reported through an SMETHOD-ERROR
for the requested address.

The inspiration for this code came from George Tankersley's patch for
meek-server:
https://bugs.torproject.org/18655#comment:8
https://github.com/gtank/meek/tree/letsencrypt

This was a bug added in 8378f859 when
this code was moved out of a switch.

Might make this controlled by ServerTransportOptions instead of the
--disable-tls command line option.

This was only needed for very very old Firefox before WebSockets were
properly standardized.

Recommend ServerTransportListenAddr in torrc instead.

pt-spec no longer talks about SIGINT.