[securedrop-proxy] Add proper setup.py based on setuptools

[kushaldas]

To package the tool into a proper Debian package, we need one (or more) setup.py files having the right files. We will need two different setup.py files and two different source tarballs as we will have to install different files in the different vms.

Please follow the packaging guidelines for the Python projects as a reference.

[kushaldas]

The next step would be figuring out if we want to use furl module in the proxy or not. Based on that input we can start packaging this tool. @redshiftzero @conorsch @joshuathayer comments / suggestions?

[conorsch]

The next step would be figuring out if we want to use furl module in the proxy or not

I assume that's because furl is not packaged in the Debian repos? We make such minimal use of it right now, looks like an easy swap to e.g. urllib.parse.urljoin & friends. In order to reduce external dependencies, would be happy to use the core alternative.

[redshiftzero]

I think the next steps here are to:

1. Investigate how quickly Debian responds to security updates for packages e.g. werkzeug (if we want to use the Debian packages) - this impacts the general packaging strategy
2. If that looks good, scope whether it would be more work to package furl or simply get rid of that dependency and include that logic in this repo
3. Then we are good to package

[redshiftzero]

Ah @conorsch just pointed me to this issue: freedomofpress/securedrop-workstation#136

I think that is a dependency for further work here.

[kushaldas]

https://packages.debian.org/search?keywords=python-flask says Sid has 1.0.2-1: all and Stretch on 0.12.1-1: all. I could not find any bug tracker entry for the same CVE https://bugs.debian.org/cgi-bin/pkgreport.cgi?dist=unstable;package=python-flask