man: add some hand-holding for terminal URL recognition
build: make tlstunnel target PHONY
Protect acmeCache.config with atomic.Value

GetConfigForCert can be called from multiple goroutines.
Increase TLS handshake timeout

On-demand certificates can make the handshake pretty slow. It takes
about 5s on my setup.
Unmanage certificates when no longer needed
Upgrade certmagic

Upgrade to caddy's pinned version.
Add downstream TLS handshake timeout
Avoid half-open TCP connections
Fix tls-alpn-01 challenge errors

certmagic's NextProtos contains acmez.ACMETLS1Protocol. We mustn't
overwrite it, otherwise tls-alpn-01 challenges will fail.
Add more context to errors
Add `tls on_demand validate_command`
Stop certmagic cache on shutdown
Expand on_demand docs
Fix SIGINT handling

Go's not very helpful here.
Add `tls on_demand`
Initialize certmagic in Server.Start

This allows directives to change ACMEConfig or ACMEManager before
the server is started.
Update dependencies
Add config reloading

Instead of updating the configuration, we configure a new Server instance and
then migrate Listeners that still exist to it. Open client connections are
left completely untouched.

Closes https://todo.sr.ht/~emersion/tlstunnel/1
Remove unused Server reference
Add support for ALPN

Closes: https://todo.sr.ht/~emersion/tlstunnel/11