Implement ACME certificate provisioning with rustls-acme

Add ACME TLS module with automatic Let's Encrypt certificate provisioning
and renewal using rustls-acme 0.12. Each listener creates its own AcmeConfig
with domain list, cache directory, and Let's Encrypt directory URL. The ACME
state machine runs as a background tokio task per listener, and
ResolvesServerCertAcme serves the provisioned certificate. Certificate
failure behavior: fail to start without valid cert, continue serving if one
exists. TLS-ALPN-01 is the default challenge type with acme-tls/1 ALPN
registered. Cipher suites restricted to 4 TLS 1.2 + all TLS 1.3 suites.

Also implements manual TLS mode with PEM file loading, SNI-based cert
resolution, and shared CryptoProvider with restricted cipher suites.
2026-06-11 11:55:00 +00:00
parent ac30d890e9
commit b11f15d977
7 changed files with 802 additions and 4 deletions

@@ -4,6 +4,10 @@ version = "0.1.0"
edition = "2021"
license = "MIT OR Apache-2.0"
[lib]
name = "reverse_proxy"
path = "src/lib.rs"
[[bin]]
name = "reverse-proxy"
path = "src/main.rs"
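Review bot: Splitting the crate into a `[lib]` target (`reverse_proxy`) plus a `[[bin]]` target (`reverse-proxy`) makes every `pub` item in `src/lib.rs` part of a library API surface, not just an internal helper for the binary; the commit message should say whether the library is meant to be consumed by other crates or only exists so the ACME and TLS code can be exercised from the `rcgen`/`tempfile` dev-dependency tests, and the module-level docs in `src/lib.rs` should state the same so that `pub` is not used more widely than intended.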
@@ -26,4 +30,9 @@ rustls-pki-types = "=1.12.0"
clap = { version = "=4.6.1", features = ["derive"] }
signal-hook = "=0.3.18"
anyhow = "=1.0.102"
thiserror = "=2.0.18"
thiserror = "=2.0.18"
futures = "=0.3.31"
[dev-dependencies]
rcgen = "=0.13"
tempfile = "=3"
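Review bot: `thiserror = "=2.0.18"` appears twice in this hunk; if that is not a rendering duplicate, a repeated key under `[dependencies]` is invalid TOML and Cargo will refuse to parse the manifest, so the duplicate line should be dropped. Two further points on the new `[dev-dependencies]` block: `rcgen = "=0.13"` and `tempfile = "=3"` look like exact pins but are partial requirements, which Cargo's semver rules treat as ranges (`>=0.13.0, <0.14.0` and `>=3.0.0, <4.0.0`), unlike the fully specified `=1.0.102`-style pins used in the rest of the file; write out full `major.minor.patch` versions to keep the pinning intent consistent. Finally, the commit message says the ACME module uses `rustls-acme 0.12`, but no `rustls-acme` entry is visible in this hunk; either it lives in an unshown part of the diff or the dependency is missing, and the manifest change should be checked against the `use rustls_acme::...` imports in the new module.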