Implement graceful shutdown for listeners, admin socket, eviction task, and ACME

- Replace handle.abort() for HTTPS server tasks with timeout-based join,
  allowing in-flight requests to drain before forceful shutdown
- Add shutdown_rx to start_admin_socket with tokio::select! for clean
  accept loop exit and Unix socket file cleanup on shutdown
- Add shutdown_rx to start_eviction_task with tokio::select! for
  cancellable eviction loop
- Add shutdown channel to spawn_acme_state for cancellable ACME state
  machine via tokio::select!
- Pass Arc<GracefulShutdown> through setup_tls to ACME state machine
- Move GracefulShutdown creation before admin socket and TLS setup
- Update integration test for new start_eviction_task signature

src/rate_limit/mod.rs

@@ -102,12 +102,20 @@ pub fn start_eviction_task(
     limiter: Arc<RateLimiter>,
     interval: Duration,
     max_age: Duration,
+    mut shutdown_rx: tokio::sync::watch::Receiver<bool>,
 ) -> tokio::task::JoinHandle<()> {
     tokio::spawn(async move {
         let mut interval_timer = tokio::time::interval(interval);
         loop {
-            interval_timer.tick().await;
-            limiter.evict_stale(max_age);
+            tokio::select! {
+                _ = interval_timer.tick() => {
+                    limiter.evict_stale(max_age);
+                }
+                _ = shutdown_rx.changed() => {
+                    tracing::info!("rate limiter eviction task shutting down");
+                    break;
+                }
+            }
         }
     })
 }