Only serve over HTTPS, optionally auto-generating certificates

Because MoneyGo requires sending passwords and session cookies, we
should never serve over HTTP. While we're at it, make it more convenient
for folks to test this out by adding a config option to auto-generate
self-signed certificates.

example_config.ini

@@ -1,10 +1,10 @@
 [moneygo]
 
-# Whether to serve as FastCGI (default is false, for HTTP)
+# Whether to serve as FastCGI (default is false, for HTTPS)
 fcgi = false
 
-# Port to serve FCGI or HTTP on
-port = 8080
+# Port on which to serve HTTPS or FCGI
+port = 8443
 
 # Base directory for serving files out of. This should point to the root of the
 # moneygo source directory
@@ -25,3 +25,18 @@ db-type = sqlite3
 # Postgres documentation: https://godoc.org/github.com/lib/pq
 #            example DSN: "postgres://user:password@localhost/dbname"
 db-dsn = file:moneygo.sqlite?cache=shared&mode=rwc
+
+
+[https]
+# If 'fcgi = false', the following paths to a SSL certificate and the paired
+# private key are used when serving HTTPS
+cert-file = ./cert.pem
+key-file = ./key.pem
+
+# Attempt to generate self-signed certificates if the certificate files
+# specified above are missing or invalid. This should *never* be set to 'true'
+# for any environment where security is important (including but not limited to
+# production systems)
+generate-certs-if-absent = false
+# A CSV list of hostnames to generate the above certs for
+generate-certs-hosts = localhost,127.0.0.1