- Mar 02, 2025
-
-
Rasmus Dahlberg authored
Part of #21, thanks vexelnet!
-
Rasmus Dahlberg authored
This was only documented in the lengthier design doc before, and the option of doing "remove_logs" and "static_logs" had not been documented. Part of #21, thanks vexelnet!
-
Rasmus Dahlberg authored
Part of #21, thanks vexelnet!
-
- Jan 18, 2025
-
- Jan 06, 2025
-
-
Rasmus Dahlberg authored
Backoff on 4XX and 5XX.

See related issue: https://github.com/google/certificate-transparency-go/issues/898

Test manually hints:

```
$ cat srv.py
from http.server import HTTPServer, BaseHTTPRequestHandler

class RequestHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(429)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(b"429 something something...")

    def do_POST(self):
        self.do_GET()

    def do_PUT(self):
        self.do_GET()

    def do_DELETE(self):
        self.do_GET()

if __name__ == "__main__":
    server_address = ('localhost', 9090)
    httpd = HTTPServer(server_address, RequestHandler)
    print("Server running on http://localhost:9090")
    httpd.serve_forever()
```

And a transport for http.Client that redirects to localhost:

```
type statusRR struct {
	inner http.RoundTripper
}

func (s *statusRR) RoundTrip(req *http.Request) (*http.Response, error) {
	if strings.Contains(req.URL.Path, "ct/v1/get-entries") {
		req.URL.Scheme = "http"
		req.URL.Host = "localhost:9090"
	}
	rsp, err := s.inner.RoundTrip(req)
	return rsp, err
}
```
-
- Jan 05, 2025
-
-
Rasmus Dahlberg authored
Our get-entries fetcher already backs off exponentially.
-
Rasmus Dahlberg authored
-
Rasmus Dahlberg authored
-
Rasmus Dahlberg authored
-
- Jan 04, 2025
-
-
Rasmus Dahlberg authored
-
Rasmus Dahlberg authored
-
Rasmus Dahlberg authored
Because openssl wasn't able to parse DER precertificates. And now the user can just view the file rather than fiddling with openssl.
-
Rasmus Dahlberg authored
-
Rasmus Dahlberg authored
-
Rasmus Dahlberg authored
-
Rasmus Dahlberg authored
Needs tuning, too noisy right now.
-
Rasmus Dahlberg authored
Ensures we alert asap if we have something to alert for.
-
Rasmus Dahlberg authored
  - Detect if we're falling behind while downloading
  - Detect if there are any found certificates alerting
-
- Jan 03, 2025
-
-
Rasmus Dahlberg authored
Unfortunately larger than what's in Debian backports, but it appears that github.com/google/certificate-transparency-go requires it.
-
Rasmus Dahlberg authored
go get github.com/google/certificate-transparency-go@v1.3.0
go mod tidy
-
Rasmus Dahlberg authored
go get gitlab.torproject.org/rgdd/ct@v0.0.0
go mod tidy
-
Rasmus Dahlberg authored
go get golang.org/x/crypto@v0.31.0
go mod tidy
-
Rasmus Dahlberg authored
go mod tidy
-
Rasmus Dahlberg authored
-
Rasmus Dahlberg authored
Currently it only runs if there are monitor/feedback events. Which is probably fine for the most part, but will be a bit more robust.
-
Rasmus Dahlberg authored
-
Rasmus Dahlberg authored
For convenience. For example, now one can debug issues like this:

    openssl x509 -inform DER -in /path/to/crt.der -text -noout
-
Rasmus Dahlberg authored
The Debian-backports version.
-
- Nov 01, 2024
-
-
Rasmus Dahlberg authored
Closes #2.
-
Rasmus Dahlberg authored
-
Rasmus Dahlberg authored
-
Rasmus Dahlberg authored
-
Rasmus Dahlberg authored
Filippo doesn't have a git-commit in this repository yet. That said, he has been an integral part of the silentct design-work. Thank you!
-
- Jun 02, 2024
-
-
Rasmus Dahlberg authored
-
Rasmus Dahlberg authored
To be consistent with naming of the tools in cmd/.
-
- May 30, 2024
-
-
Rasmus Dahlberg authored
-
- May 26, 2024
-
-
Rasmus Dahlberg authored
As opposed to doing a new bootstrap with get-proof-by-hash every time the next root is constructed.

Bootstrapping the compact range from a get-proof-by-hash query works for the most part, but fails if the log included a duplicate entry and gives us the index for that instead. Log operators with duplicate entries include Cloudflare and Digicert. If bootstrap fails (unlucky), we try to bootstrap again once the log's signed tree head moved forward (hoping the last entry has no duplicate).

The more reliable way to bootstrap a compact range would be to use the get-entry-and-proof endpoint. This does not work in practice because some logs are not implementing this endpoint. Digicert has such logs.
-
-
- May 19, 2024
-
-
Rasmus Dahlberg authored
-
Rasmus Dahlberg authored
-