Harden the new MX/SRS mail setup so LDAP isn't a SPOF

The new servers mx-dal-01 and srs-dal-01 make LDAP queries to fetch email forwards. This introduces LDAP as single point of failure for mail delivery. We should mitigate this. Options are:

add redundancy to LDAP by adding extra LDAP nodes (possibly read-only).
run LDAP proxy caches locally on the MX and SRS servers
generate static files based on LDAP data:
- using UD-LDAP
- using a custom script that queries LDAP periodically
- in puppet, using something like https://forge.puppet.com/modules/puppet/ldapquery/readme

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information