For standalone builds the HSM code is not used, so we can exclude it.
The resulting binary now no longer requires libc of a certain version to
be present.
Replace openssl certificate / CRL generation with the tool as used by
Let's Encrypt, storing the keys on SoftHSMv2, a simulated HSM (Hardware
Security Module).
Include migration of old setups where key files were also stored on
disk.
