Kafkacrypto

This release fixes one high severity security flaw in the chain processing code: due to a mistake in the handling of "match everything" regexes, it was possible for sub-certificates to override parent constraints. This scenario is detectable by the signer prior to signing, but due to the potential for misuse if signer does not refuse to sign, this is considered high risk.

This release includes a number of important bugfixes, including:
1. adding compatibility with msgpack 1.0.0.
2. as part of 1, added appropriate str/bin support in a backwards-compatible fashion that will, once all systems are running 0.9.9.6 or later, enable switching off of the compatibility components with full msgpack 1 support.
3. ensure appropriate logging levels are always set.
4. fix regex constraint comparisons to allow the special case of a "match everything" regex.

This release includes a number of important bugfixes, including:
1. ensuring that key ids are computed from the node's ID public key, not name, to prevent name clashes.
2. improved file initialization so that non-found values in existing files are appropriately added.
3. improved error handling in the deserializer to avoid unnecessary exceptions.
4. fix double-encryption of already encrypted messages being reserialized.

Improve file initialization, particularly of kafka required SSL CA store, when not present.

Fix one critical bug in pathlength parsing code with path-limited roots of trust.

Continued minor bugfixes. This version also includes automatic initialization of the relevant crypto files if not present. This simplifies use of the package, as well as simplifying the tools for provisioning.