add 'processing' state to challenges

[alexzorin]

For #380 (comment).

Keeping track of when a challenge is in the processing state means we will be able to then include a Retry-After response header for authorizations, as described in:

To check on the status of an authorization, the client sends a POST-
as-GET request to the authorization URL, and the server responds with
the current authorization object. In responding to poll requests
while the validation is still in progress, the server MUST return a
200 (OK) response and MAY include a Retry-After header field to
suggest a polling interval to the client.

One extra side effect here is that clients will no longer be able to cause Pebble to queue up a pending challenge multiple times for processing by a VA. This seems like a good thing anyway.

[alexzorin]

On second thought, this is still racey. I guess we have to set the status earlier, when we hold the lock to check that the current status is pending.

I tried a different approach, by taking a short lock to check the status again, right before we send the challenge to the VA. It's a bit duplicative but I can't think of anything better 🤷 .

[aarongable]

LGTM, but I'd like a second set of eyes on this, since I'm actually not very familiar with Pebble's in-memory datastore and the locking necessary to work with it safely. @jsha?

[moratori]

@jsha I wonder if you could review this PR.

[jsha]

Thanks very much!