This repository has been archived by the owner on Jan 5, 2024. It is now read-only.
As part of template consolidation (freedomofpress/securedrop-workstation#471), we'll want to make sure that potentially sensitive configuration files are restricted to the AppVMs that need to access them. sd-proxy.yaml contains the Journalist Interface onion address, so it's best to err on the side of caution and ensure it's only available to the sd-proxy AppVM post-consolidation. We can do this by installing the file in the private volume (e.g., into /home/user), instead of into /etc.
Update the salt logic over in securedrop-workstation to write the yaml config file in that new location, based on the template including site-specific info like the Onion URL.
Both are rather minor changes. While we're rearranging, though, it's worth asking: why do we manage the rpc file as part of the app code repo? We could move to the packaging repo. Perhaps more relevant is: why require that the fullpath to the config file be hardcoded in the rpc file? Given that both the rpc file and the salt logic to provision the template with site-specific info must correspond, the location of the config is very much not configurable—not even when dev: True in the securedrop-proxy environment.
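An added example, not code from securedrop-proxy or securedrop-workstation, of the pattern the thread points at: a default config path in the private volume rather than /etc, an override so a dev environment need not hardcode the full path, and a permission check before the file is trusted. The SD_PROXY_CONFIG variable name and the sample config contents are assumptions.

```python
"""Resolve and sanity-check the sd-proxy config file location."""
import os
import stat
import tempfile

# Proposed private-volume location from the thread (instead of /etc).
DEFAULT_CONFIG = "/home/user/sd-proxy.yaml"
# Hypothetical override so dev environments need not hardcode the full path.
ENV_OVERRIDE = "SD_PROXY_CONFIG"


def resolve_config_path(environ=None):
    """Return the override from the environment if set, else the default."""
    environ = os.environ if environ is None else environ
    return environ.get(ENV_OVERRIDE, DEFAULT_CONFIG)


def check_config_file(path):
    """Return a list of problems; empty means only the owner can read the file."""
    problems = []
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [f"{path}: missing"]
    if not stat.S_ISREG(st.st_mode):
        problems.append(f"{path}: not a regular file")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        problems.append(f"{path}: mode {mode:o} is group/world accessible")
    if st.st_uid != os.getuid():
        problems.append(f"{path}: owned by uid {st.st_uid}, not the caller")
    return problems


def demo():
    """Constructed sample config written with loose, then tight, permissions."""
    sample = "host: EXAMPLE-PLACEHOLDER.onion\nscheme: http\nport: 80\n"
    fd, path = tempfile.mkstemp(suffix=".yaml")
    os.write(fd, sample.encode())
    os.close(fd)
    os.chmod(path, 0o644)
    loose = check_config_file(path)  # one problem: world-readable
    os.chmod(path, 0o600)
    tight = check_config_file(path)  # no problems
    os.unlink(path)
    return loose, tight
```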