Log Message:
Update sysutils/consul to 0.9.0.

BREAKING CHANGES:

- agent: Added a new `enable_script_checks` configuration option that
  defaults to `false`, meaning that in order to allow an agent to run
  health checks that execute scripts, this will need to be configured
  and set to `true`.
- api: Reworked `context` support in the API client to more closely
  match the Go standard library, and added context support to write
  requests in addition to read requests.
- ui: Since the UI is now bundled with the application we no longer
  provide a separate UI package for downloading.

FEATURES:

- agent: Added a new[`block_endpoints` configuration option that
  allows blocking HTTP API endpoints by prefix.
- cli: Added a new `consul catalog` command for reading datacenters,
  nodes, and services from the catalog.
- server: (Consul Enterprise) Added a new `consul operator area
  update` command and corresponding HTTP endpoint to allow for
  transitioning the TLS setting of network areas at runtime.
- server: (Consul Enterprise) Added a new `UpgradeVersionTag` field to
  the Autopilot config to allow for using the migration feature to
  roll out configuration or cluster changes, without having to upgrade
  Consul itself.

IMPROVEMENTS:

- agent: (Consul Enterprise) Snapshot agent rotation uses S3's
  pagination API, enabling retaining more than a 100 snapshots.
- agent: Removed registration of the `consul` service from the agent
  since it's already handled by the leader.
- agent: Changed /v1/acl/clone response to 403 (from 404) when trying
  to clone an ACL that doesn't exist.
- agent: Changed the `consul exec` ACL resolution logic to use the
  `acl_agent_token` if it's available.
- agent: Updated memberlist to get latest LAN gossip tuning based on
  the Lifeguard paper published by Hashicorp Research.
- api: Added the ability to pass in a `context` as part of the
  `QueryOptions` during a request.
- api: Changed signature for "done" channels on `agent.Monitor()` and
  `session.RenewPeriodic` methods to make them more compatible with
  `context`.
- docs: Added a complete end-to-end example of ACL bootstrapping in
  the ACL Guide.
- vendor: Updated golang.org/x/sys/unix to support IBM s390 platforms.
- agent: rewrote Docker health checks without using the Docker client
  and its dependencies.

BUG FIXES:

- agent: Fixed an issue where watch plans would take up to 10 minutes
  to close their connections and give up their file descriptors after
  reloading Consul.
- agent: (Consul Enterprise) Fixed an issue with the snapshot agent
  where it could get stuck trying to obtain the leader lock after an
  extended server outage.
- agent: Fixed HTTP health checks to allow them to set the `Host`
  header correctly on outgoing requests.
- agent: Serf snapshots can now auto recover from disk write errors
  without needing a restart.
- agent: Fixed log redacting code to properly remove tokens from log
  lines with ACL tokens in the URL itself: `/v1/acl/clone/:uuid`,
  `/v1/acl/destroy/:uuid`, `/v1/acl/info/:uuid`.
- agent: Fixed an issue in the Docker client where Docker checks would
  get EOF errors trying to connect to a volume-mounted Docker socket.
- agent: Fixed a crash when using Azure auto discovery.
- agent: Added `node` read privileges to the `acl_agent_master_token`
  by default so it can see all nodes, which enables it to be used with
  operations like `consul members`.
- agent: Fixed an issue where enabling `-disable-keyring-file` would
  cause gossip encryption to be disabled.
- agent: Fixed a race condition where checks that are not associated
  with any existing services were allowed to persist.
- agent: Stop docker checks on service deregistration and on shutdown.
- server: Updated the Raft library to pull in a fix where servers that
  are very far behind in replication can get stuck in a loop trying to
  install snapshots.
- server: Fixed a rare but serious deadlock where the Consul leader
  routine could get stuck with the Raft internal leader routine while
  waiting for the initial barrier after a leader election.
- server: Added automatic cleanup of failed Raft snapshots.
- server: (Consul Enterprise) Fixed an issue where networks areas
  would not be able to be added when the server restarts if the Raft
  log contained a specific sequence of adds and deletes for network
  areas with the same peer datacenter.
- ui: Provided a path to reset the ACL token when the current token is
  invalid.
- ui: Removed an extra fetch of the nodes resource when loading the
  UI.
- ui: Changed default ACL token type to "client" when creating ACLs.
- ui: Display a 404 error instead of a 200 when trying to load a
  nonexistent node.