Configurable origin health checks

[splushii]

Sometimes the current health checks (TCP) are not enough. The current generated health checks for HAProxy is:

• http: check
• https: check ssl verify none

One example that won't work with the above simple healthchecks is when a specified origin is using https and resolves to loadbalancers that won't respond to TLS connections without SNI (for example CloudFront).

I propose that we use the existing format used for the internal ORM health check between HAProxy and Varnish (https://github.com/SVT/orm/blob/master/docs/syntax_reference.md#custom_internal_healthcheck), and extend it to support the health check customizations we need.

We could add something similar to the examples below to https://github.com/SVT/orm/blob/master/docs/syntax_reference.md#origin_object :

healthcheck:
  tcp:
    tls: True
    domain: some.servername.example.com

healthcheck:
  http:
    tls: True
    domain: some.servername.example.com
    method: GET
    path: /some/healthcheck/path

When not setting healthcheck, we need to agree on some sane default for HAProxy (inspired by #7). For example:

• http: check
• https: check ssl check-sni <domain> verify required

[splushii]

I guess we could also allow disabling health checks with something like:

healthcheck:
  disabled: True