I'm not sure the trap needs to be there at all really..

* Refactored symbiosis-ssl code into the library
* Added tests to test this new code.
* symbiosis-ssl tries to regain privs after creating the certs if it
  thinks it has them.
* Changed what gets logged when a bit.  Stuff in the SSL validation
  checks is now only shown if $DEBUG is set.
* The cache of available SSL sets is always emptied before rollover
  starts.
* The way available sets are sorted has changed to be done by expiry.
* The symlink to current now uses the full path.
* SSL sets are now kept in config/ssl/sets for neatness/namespace
  goodness.
* CertificateSet#write drops privs if possible when creating a new set.

There is no way to determine if an key is already registered with the
server.  Previously we just registered and caught any errors, but it
turns out that the Acme servers always return "Malformed" if there is
any problem with the request at all (e.g. bad email address, key
previously registered).  This means we can return a sane error to the
user if the request fails, without parsing the error text.

However if a key is not registered, the server will return Unauthorized
when requesting a new challenge via new-authz, so we can use that to see
if a key is valid or not.

This makes verbose logging neater.  Also various fixups around for the
binary

We now deal in "Sets" of SSL certificates.  A valid set is a directory
with a working certificate, key, and possibly a bundle.  This has moved
a lot of the SSL code from Symbiosis::Domain into Symbiosis::SSL::Set.