Support listening on file descriptors

[gucci-on-fleek]

Fixes caddyserver/caddy#7525.

I've tested this with the following Caddyfile

{
	debug

	servers {
		trace
	}

	acme_ca https://acme-staging-v02.api.letsencrypt.org/directory

	auto_https disable_redirects
	default_bind fd/4 {
		protocols h1 h2
	}
}

http:// {
	bind fd/3
	redir https://{host}{uri} permanent
}

testing.958386.xyz { # Replace with your own domain
	log {
		level DEBUG
		format console
	}

	respond "Hello, world!"
}

by running the following command:

$ xcaddy build master --with=github.com/caddyserver/certmagic=.
$ systemd-socket-activate --now --listen=0.0.0.0:80 --listen=0.0.0.0:443 ./caddy run --config=./Caddyfile

I confirmed that

1. I could not get a certificate without this commit.
2. With this commit applied, I could get a freshly-issued certificate, and Caddy served it properly.
3. I could still get fresh certificates in the regular non-socket-activation case.
4. The tests I added all pass.

I've only tested this on Linux x86_64, but other platforms should hopefully be fine. The Dup code is fairly ugly, and I'm not 100% sure if it's necessary or not, but I know that closing someone else's file descriptors is a bad idea, so I added it just to be safe.

[mholt]

Thanks, I think this is good overall; just a random question that I might want to look into, since it could be indicative of something sloppy I did elsewhere.

We just need the tests to pass first!

[gucci-on-fleek]

Whoops, missed pushing some of my changes to the tests, let's see if they pass now. (They've always passed locally, it's only in GitHub Actions where they're failing)

[mholt]

Ha, I know how that goes. Thanks!