Standalone broker (independent of App Engine)
Currently the broker code is implemented only for App Engine; i.e. it doesn't have a
main function and relies on being invoked using the App Engine APIs.
Instead, the broker should run as a standalone HTTPS server somewhere, and App Engine should only be a dumb request/response forwarder (we can steal the forwarder code from meek). That will make it possible to easily add domain fronts other than Google (legacy/trac#22782 (moved)), and any secret data we handle on the broker won't have to be revealed to Google.