Subject: CVS commit: pkgsrc/www/caddy
From: Benny Siegert
Date: 2022-09-08 19:53:22
Message id: 20220908175322.67FC0FA90@cvs.NetBSD.org

Log Message:
caddy: update to 2.5.2. From pkgsrc-wip.

This version builds with Go 1.19.

v2.5.0

- Reverse proxy: Dynamic upstreams, which is the ability to get the list of
  upstreams at every request (more specifically, every iteration in the proxy
  loop of every request) rather than just once at config-load time. Dynamic
  upstream modules can be plugged in to provide Caddy with the latest list of
  backends in real-time. Two standard modules have been implemented which can
  get upstreams from SRV and A/AAAA record lookups.
  This deprecates the lookup_srv JSON field for upstreams (and srv+ scheme
  prefix in the Caddyfile), which will be removed in the future.
- Automatic HTTPS: Caddy will automatically try to get relevant certificates
  from the local Tailscale instance (if running with permission to access the
  Tailscale socket). This makes services running on a Tailscale network
  automatically available over trusted HTTPS with Caddy.
- Tracing: New OpenTelemetry integration with the tracing handler module and
  associated tracing directive.
- Reverse proxy: When using the response handlers, a new handler copy_response
  is available to copy the proxy's response back to the client, and
  copy_response_headers may be used to selectively copy header values from the
  proxy's response.
- API: Added new endpoints /pki/ca/<id> and /pki/ca/<id>/certificates for
  getting information about Caddy's managed CAs, including the chain of root
  and intermediate certificates.

v2.5.1

- Fixed regression in Unix socket admin endpoints.
- Fixed regression in caddy trust commands.
- Hash-based load balancing policies (ip_hash, uri_hash, header, and cookie)
  use an improved highest-random-weight (HRW) algorithm for increased
  consistency. The new rendezvous hash will ensure a client or request is
  consistently mapped to a particular upstream even if the list of upstreams
  changes.
- The reverse proxy is now able to rewrite the method and URI on its internal
  copy of the request that goes to the upstream. Combined with new
  handle_response capabilities, this enables the reverse proxy to fire off
  "pre-check requests" (for lack of a better term) to make routing decisions
  based on the results of that call. This enables a commonly-emerging pattern
  called forward authentication wherein a backend is queried to assess a client's
  authorization to be proxied. The full, verbose config for this is very flexible
  but tedious, so we made a new wrapper directive called forward_auth that
  eliminates the boilerplate.

v2.5.2

- New /adapt admin endpoint: Use your installed config adapters via API in
  addition to the existing caddy adapt CLI command.
- New Etag/If-Match support for config API: Safely update your config
  concurrently and avoid collisions by using our unique Etag implementation.
- Rename copied headers from reverse_proxy: If you're using handle_response,
  you can more easily map headers to a different name for clients.
- Many HTTP matchers have been added to CEL: You can now use the logic of our
  HTTP request matchers in CEL expressions.
- Notable bug fixes: EAB reuse, various QUIC & HTTP/3 fixes, more specific HTTP
  status codes, various reverse proxy fixes.

Files:
Revision  Action  File
1.56      modify  pkgsrc/www/caddy/Makefile
1.13      modify  pkgsrc/www/caddy/distinfo
1.6       modify  pkgsrc/www/caddy/go-modules.mk
1.1       remove  pkgsrc/www/caddy/patches/patch-go.mod
1.1       remove  pkgsrc/www/caddy/patches/patch-go.sum
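
Added example, not part of the commit message and not Caddy's own code: a Go sketch of the rendezvous (HRW) hashing mentioned in the v2.5.1 notes, compared with naive modulo hashing when one upstream is removed. The hash choice (SHA-256), the function names, the upstream addresses and the client keys are all assumptions made for this illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// hash64 maps a string to 64 bits. SHA-256 is an assumption of this sketch,
// chosen for even distribution; it is not taken from Caddy's source.
func hash64(s string) uint64 {
	sum := sha256.Sum256([]byte(s))
	return binary.BigEndian.Uint64(sum[:8])
}

// pickHRW scores every (upstream, key) pair and returns the highest scorer.
// It returns "" for an empty pool.
func pickHRW(pool []string, key string) string {
	best, bestScore := "", uint64(0)
	for i, u := range pool {
		if s := hash64(u + "\x00" + key); i == 0 || s > bestScore {
			best, bestScore = u, s
		}
	}
	return best
}

// pickMod is the naive baseline: hash the key, index into a non-empty pool.
func pickMod(pool []string, key string) string {
	return pool[hash64(key)%uint64(len(pool))]
}

// moved counts how many of n constructed client keys change upstream
// when the pool changes from before to after.
func moved(pick func([]string, string) string, before, after []string, n int) int {
	count := 0
	for i := 0; i < n; i++ {
		key := fmt.Sprintf("198.51.100.%d:%d", i%256, 40000+i) // constructed sample key
		if pick(before, key) != pick(after, key) {
			count++
		}
	}
	return count
}

func main() {
	before := []string{"10.0.0.1:8080", "10.0.0.2:8080", "10.0.0.3:8080", "10.0.0.4:8080"}
	after := []string{"10.0.0.1:8080", "10.0.0.2:8080", "10.0.0.4:8080"} // 10.0.0.3 removed
	fmt.Println("HRW moved:", moved(pickHRW, before, after, 1000))
	fmt.Println("mod moved:", moved(pickMod, before, after, 1000))
}
```

With HRW, only keys that were on the removed upstream are reassigned; with modulo hashing most keys change backend, which breaks any per-client state or affinity the backends rely on.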