twisted/txacme

Container certificate provisioner

mithrandi opened this issue · 0 comments

The basic idea:

  1. Run one instance of this container per host, with the necessary credentials to complete DNS challenges.
  2. Have a listener that connects to the container system API (e.g. Docker) and watches for containers coming and going, automatically provisioning certificates based on some policy (e.g. container labels).
  3. Provide the certs to the container in some standard way (e.g. shared volume).
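
The sketch below is an added example, not txacme code and not part of the original issue. It shows the policy step of item 2: because the provisioner holds the DNS credentials, it has to decide which names a container's labels may request before anything is issued. The label name `acme.domains`, the allowed suffix, and the `/certs/<container-id>` layout are assumptions; the event shape follows Docker's JSON event stream.

```python
import json

# Hypothetical label name and policy; neither is defined by txacme or Docker.
DOMAINS_LABEL = "acme.domains"
ALLOWED_SUFFIXES = (".apps.example.com",)
CERT_ROOT = "/certs"  # assumed mount point of the shared volume

# Constructed sample of Docker's JSON event stream (one object per line).
SAMPLE_EVENTS = """\
{"Type":"container","Action":"start","Actor":{"ID":"aaa111","Attributes":{"name":"web","acme.domains":"web.apps.example.com, api.apps.example.com"}}}
{"Type":"container","Action":"start","Actor":{"ID":"bbb222","Attributes":{"name":"rogue","acme.domains":"login.example.com,x.apps.example.com"}}}
{"Type":"network","Action":"connect","Actor":{"ID":"net1","Attributes":{}}}
{"Type":"container","Action":"start","Actor":{"ID":"ccc333","Attributes":{"name":"db"}}}
{"Type":"container","Action":"die","Actor":{"ID":"aaa111","Attributes":{"name":"web","acme.domains":"web.apps.example.com"}}}
"""

def allowed(name):
    """Accept only plain hostnames under an allowed suffix (no wildcards, no empty labels)."""
    labels = name.split(".")
    return (name.endswith(ALLOWED_SUFFIXES)
            and all(l and l.replace("-", "").isalnum() for l in labels))

def plan(event_lines):
    """Turn events into (action, container_id, names, path) provisioning steps."""
    active, steps = {}, []
    for line in event_lines.splitlines():
        ev = json.loads(line)
        if ev.get("Type") != "container":
            continue
        cid = ev["Actor"]["ID"]
        attrs = ev["Actor"].get("Attributes", {})
        if ev["Action"] == "start" and DOMAINS_LABEL in attrs:
            wanted = [n.strip().lower() for n in attrs[DOMAINS_LABEL].split(",")]
            bad = [n for n in wanted if not allowed(n)]
            if bad:  # fail closed: one bad name rejects the whole request
                steps.append(("reject", cid, bad, None))
                continue
            active[cid] = wanted
            steps.append(("issue", cid, wanted, f"{CERT_ROOT}/{cid}"))
        elif ev["Action"] == "die" and cid in active:
            steps.append(("withdraw", cid, active.pop(cid), f"{CERT_ROOT}/{cid}"))
    return steps
```

`plan(SAMPLE_EVENTS)` yields an issue step for `aaa111`, a reject for `bbb222` (its label names a host outside the allowed suffix), and a withdraw when `aaa111` dies; the unlabelled container and the network event produce nothing.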