Drop Python 3.5 support

[bmw]

Fixes #8150.

You can see the full test suite passing at https://dev.azure.com/certbot/certbot/_build/results?buildId=2464&view=results.

One unfortunate change with this PR is how it affects certbot-auto users on Python 3.5. Using the packages certbot-auto expects, no certbot-auto user should be on Python 3.5. Despite that, ~415 are. I think to get in this state, you need to have done something like:

1. Use --no-bootstrap and handled getting the OS packages Certbot needs yourself.
2. Tinkered with the script such as setting the undocumented environment variable USE_PYTHON_3 outside of the script (like I did for testing here).
3. Have custom packages installed from outside your official OS repos.

Based on my understanding of the script and testing with Python 3.4, once we drop Python 3.5 support and certbot-auto tries to upgrade itself, it will break for users that have managed to configure it to use Python 3.5. If we update MIN_PYTHON_3_VERSION like I did here, that error will be:

You have an ancient version of Python entombed in your operating system...
This isn't going to work; you'll need at least version 3.6.

If we don't update MIN_PYTHON_3_VERSION, the output will look something like:

Had a problem while installing Python packages.

pip prints the following errors: 
=====================================================
Ignoring enum34: markers 'python_version < "3.4"' don't match your environment
Collecting acme==1.7.0 (from -r /tmp/tmp.gxwksyMwSl/letsencrypt-auto-requirements.txt (line 12))
  Downloading <URL> (42kB)
acme requires Python '>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*' but the running Python is 3.5.x
=====================================================

Certbot has problem setting up the virtual environment.

We were not be able to guess the right solution from your pip 
output.

Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment
for possible solutions.
You may also find some support resources at https://certbot.eff.org/support/ .

Either outcome is unfortunate, but I think the first is better. We could leave certbot-auto unchanged if people prefer though.

Despite this downside, I think we should go ahead with this dropping Python 3.5 because:

1. We said we'd do it in our next release.
2. We should avoid supporting EOL'd Pythons.
3. Relatively few users are affected.
4. Certbot is printing a warning when run on Python 3.5 on every run.
5. We never did anything differently for past Python deprecations.

In the past, we would migrate users we expected to be on that version of Python, but if you were on a different OS, things suddenly broke like this and as far as I know, we never heard about it. I think it's another unfortunate aspect of certbot-auto, but luckily this should be the last time it happens to people!

[ohemorange]

Using the packages certbot-auto expects, no certbot-auto user should be on Python 3.5. Despite that, ~415 are.

I assume this is just talking about users who are getting certbot-auto updates, right?

You have an ancient version of Python entombed in your operating system...
This isn't going to work; you'll need at least version 3.6.

That is what this message is for, I think it's appropriate to hit it in this situation.

[ohemorange]

Since this affects certbot-auto, we should get a second review. Otherwise, this looks good to me.

[bmw]

I assume this is just talking about users who are getting certbot-auto updates, right?

This count was of all certbot-auto users, even those using an old version, however, the majority of that number were getting updates.

Since this affects certbot-auto, we should get a second review.

We don't have anyone available to give a 2nd review at the moment, but that's probably a good idea. I'll ping someone else when we do.

[adferrand]

Here you are!

[bmw]

Thanks a lot Adrien 😄

I'm going to hold off on merging this until we have a consensus in #8207.

[bmw]

It should be OK to merge this PR after certbot/website#629 lands.