Add --lineage command line option for nicer SAN management. #3587
cowlicks wants to merge 1 commit into certbot:master from
Conversation
This allows the user to explicitly select a certificate lineage for renewal, which may be necessary when removing a domain from a multi-domain certificate.
While this is suitable to prescribe a lineage for renewal, it does not allow prescribing a lineage name when creating a certificate (because the renewal configuration file does not exist at creation time). However, this would be desirable in some circumstances. To generalize this so that it also applies at creation time, it would be sufficient if the new command line flag took a lineage name, instead of a configuration filename, i.e. one of the directory names under This should not create any ambiguities, as the name of the renewal configuration file is just the lineage name and the A very similar proposal is
@cowlicks, thanks! (there's a "c" in my name, by the way) @cowlicks @PaulSD, I have a branch where I was working on the same functionality (and even with the same option name) in response to #2071. I was trying to get a few more features in beyond this, such as allowing a wider range of ways to specify a lineage and being more paranoid about what combinations of options make sense. If I push my work in progress on that branch, would either of you be interested in reviewing it and/or working on it with me?
@schoen Sure! But I won't have time to contribute until the weekend.
Closing in favor of your work.
@schoen is there an issue somewhere discussing your plans for the --lineage option branch?
@ohemorange, currently not; it was based on #2071 and some in-person conversations with @pde and @bmw. As we've seen this is a subtle issue, I would be happy to have an issue where we discuss what the solution should look like (and I'm also happy to change existing stuff in my branch if we decide on a different strategy). Would you like to start an issue to track it?
cc @SHoen, @PaulSD, @yaegashi
This PR is from some work by @PaulSD mentioned in #2071 as an alternative way of managing SANs on a cert (instead of --expand & --shrink). I have not tested this to see if it works yet.
From the commit:
This allows the user to explicitly select a certificate lineage for
renewal, which may be necessary when removing a domain from a
multi-domain certificate.