secstore_read_index: improve error reporting
secstore: destroy seckey on finish

Fixes a memory leak
hi_key_destroy: fix preemptive zeroing of value

This prevents us from freeing the next entry in the linked list, leading
to a memory leak.
base64: switch to path-safe base64 variant

Note that this is not backwards compatible, your existing secstores will
be broken (not that they were especially not-broken before).
posix_dirname: use memmove instead of strcpy

strcpy does not support overlapping strings, and dirname may return a
pointer which is a subset of the string its passed. When posix_dirname
is called with the same pointer for both parameters, this is undefined
secstore: fix buffer overruns in base64 code
rpc: implement add command
Implement command dispatch, query command
Buffer client data and split into lines
service: complete rigging-up of event processing
Add RPC draft design doc
service: handle SIGINT
service: accept new clients and poll fds
service: initialize & tear down RPC socket
secstore: create secstore.lock with mode 600

Mode 400 is read-only, which prevents us from removing it during
secstore: fix lockfile on secstore initialization
secstore: use secret filename as nonce
Add link to FORMATS.md from SECURITY.md
Add secstore lockfile