This repository has been archived by the owner on Apr 20, 2022. It is now read-only.

Put all SSL cert stuff in The Right Folder™ #37

Open
taoeffect opened this issue Nov 22, 2014 · 2 comments


taoeffect commented Nov 22, 2014

So, related to sovereign/sovereign#251, and related to my comment here (which I'll quote here):

For a future PR, let's move the keys to one folder (both the .key and the .crt), and let's put it in a place that's recommended by dovecot, which I believe @al3x also created an issue for in sovereign.

Also worth doing, as part of this issue or a separate one, moving roles/common/files/wildcard_private.key (the user's key) to a top level folder called secrets instead of buried within the roles.

So this is a two parter:

  1. Place .key and .crt into "the right place" on the server, and make that place a single folder so that it's easy to re-generate keys by simply deleting it.
  2. Create a secrets folder in this repo at the top level and tell users to put their private key there. It's best to not distribute a "default key" the way sovereign is currently doing, as that is ... how you say... something that people should be sued over (default passwords = negligence).



@taoeffect (Owner, Author) commented:

Actually, @PiPeep reminds me that PR #35 gets rid of the default private key, so we're good on not being negligent, but we still need to fetch the user's key from a top-level secrets folder.

@taoeffect (Owner, Author) commented:

Copied from 46:

Note that these files shouldn't remain on the server:

  • /etc/ssl/certs/wildcard_public_cert.crt
  • /etc/ssl/certs/wildcard_ca.pem
  • /etc/ssl/private/wildcard.csr
  • /etc/ssl/private/openssl.cnf
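
As an added example (not from this issue or the sovereign project), a small POSIX shell audit of a consolidated certificate folder covering both points raised in this thread: build-time leftovers such as the .csr and openssl.cnf that should not remain on the server, and private keys that are not restricted to root or lack a sibling .crt in the same folder. The directory path and the `<name>.key` / `<name>.crt` naming convention are assumptions.

```shell
#!/bin/sh
# Audit one consolidated TLS directory (assumed layout: /etc/ssl/<domain>/
# holding <name>.key and <name>.crt). Prints one finding per line and
# returns the number of findings, so 0 means the folder is clean.
audit_tls_dir() {
    dir=$1
    findings=0
    # 1. Leftover artifacts: the CSR and the openssl config are only needed
    #    while generating the key pair and should not stay on the server.
    for f in "$dir"/*.csr "$dir"/openssl.cnf; do
        [ -e "$f" ] || continue
        echo "LEFTOVER  $f (remove after the cert has been issued)"
        findings=$((findings + 1))
    done
    for k in "$dir"/*.key; do
        [ -e "$k" ] || continue
        # 2. A private key must not be group- or world-readable.
        mode=$(stat -c %a "$k" 2>/dev/null || stat -f %Lp "$k")
        case $mode in
            600|400) ;;
            *) echo "PERMS     $k is mode $mode (expected 600)"
               findings=$((findings + 1)) ;;
        esac
        # 3. Key and cert belong together so the whole pair can be
        #    regenerated simply by deleting this one directory.
        crt="${k%.key}.crt"
        if [ ! -e "$crt" ]; then
            echo "MISSING   $crt (key and cert belong in the same folder)"
            findings=$((findings + 1))
        elif command -v openssl >/dev/null 2>&1; then
            # When openssl can parse both files, compare their public keys
            # to catch a cert that was copied from a different key pair.
            kpub=$(openssl pkey -in "$k" -pubout 2>/dev/null)
            cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
            if [ -n "$kpub" ] && [ -n "$cpub" ] && [ "$kpub" != "$cpub" ]; then
                echo "MISMATCH  $k does not match $crt"
                findings=$((findings + 1))
            fi
        fi
    done
    return $findings
}

# Usage: audit_tls_dir.sh /etc/ssl/example.com
if [ "$#" -gt 0 ]; then
    audit_tls_dir "$1"
fi
```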
