Set PROXY protocol PP2_TYPE_SSL
Use upstream proxyproto.HeaderProxyFromAddrs
Add the "tls.email" directive

To receive expiration warnings from Let's Encrypt.
man: fix acme_ca directive name

Fixes: e2f4dddfefbc ("Change `tls ca` to `tls acme_ca`")
man: add a "files" section
Update certmagic to fix ALPN protocols

A recent certmagic commit [1] removes the assumption that tlstunnel will
proxy HTTP 1.1 and 2 traffic.

[1]: https://github.com/caddyserver/certmagic/commit/3e4c11b75f17b664798de9d2a6e5ca76bbcbaf45
build: fix quoting typo

Quoting after the equal sign isn't recognized by the Go toolchain
Add support for wildcard server names in frontend directives

This adds support for matching incoming TLS connections to the
corresponding frontend when the frontend has a wildcard server name.

This does not add support for generating wildcard certificates from
Let's Encrypt, which requires DNS challenges.
Don't try to guess listening address

Always listen on all hosts. Only use the host part of a frontend
address for TLS cert names.

Customizing the listen host will be better done with a `bind`
directive, like Caddy does.
Store certificates in /var/lib/tlstunnel by default
build: fix clean target not removing man page
build: use SYSCONFDIR for default config path
build: simplify Makefile paths
Move back directive processing to tlstunnel package
Move executable to cmd/tlstunnel

This allows us to expose the toplevel tlstunnel package.
Export Server.acmeManager
Rename Parse and Load to {Parse,Load}Config
ci: add .build.yml
readme: add link to sr.ht project
Add Makefile