Serve FFMUC's freifunk.net subdomains with Bind and request LE certificates

[DasSkelett]

This is already live on our systems and the commit already part of the main branch of the local salt repo on docker05.

This PR is for completeness sake and to ask for improvement suggestions, which we can apply in future commits.

Thanks a lot to @GoliathLabs who did this together with me.

---

• Add the following zones to our authoriative servers:
  • muenchen.freifunk.net
  • münchen.freifunk.net
  • augsburg.freifunk.net (not delegated by freifunk.net yet)
  • wertingen.freifunk.net
  • donau-ries.freifunk.net
• Forward DNS requests for these domains to the auth servers in dnsdist
• Set up certbot for a second certificate which includes above mentioned domains (except augsburg.freifunk.net for now).
  We use the DNS-01 ACME challenge, interfacing with our own auth servers using DDNS.
  This is implemented using a cmd.run state as Salt's acme module interface doesn't support custom actions.
• Restructure nginx config for ffmuc.net to handle these additional domains with a separate certificate.

---

TODOs:

• Get the list of authoritative nameservers for the ddns update script from netbox (hardcoded right now)
• At least find a way that the certbot run only reports changes when it actually received a new cert from LE
• Ideally get the acme module extended to support the "manual unsupervised" mode
• Extend the ddns module to support two records of the same type, so that we can specify the AAAA & A records the same way as all the other records (right now they can't easily be changed, changes to the zone files do not get read by Bind, even after restarts).

[awlx]

Nice work! Thank you!