Thursday, 26 July 2007
Feature/admin: Cluster synchronisation production mode
Added configuration parameters which allow {\tt ClusterSync.pl},
if started as super-user, to change to a designated group and user
identity. Running a Perl program under an assumed identity turns on
the ``taint'' mechanism, so input from the transaction directory
and the files within it is sanitised before being used in potentially
dangerous ways (even though it should, in fact, only be coming from
the CGI application, never the ``outside'').
Added much more stringent validation to {\tt ClusterSync.pl}
transaction processing. Every file name submitted must begin
with the ``Database Directory'' path name, and may not contain
abusive (shell-interpreted) characters or sequences such as
``{\tt ..}''. In addition, all input from transaction files is
single quoted when used on {\tt system()} commands to prevent
attack by overlooked shell escapes. Finally, an invalid transaction
type in a transaction file causes an immediate abort. Now, since
we're basically using the transaction directory as an interprocess
communication channel, this might be deemed paranoia, but
``you can't be too careful''. Besides, one can imagine an attack
where somebody manages to hijack another CGI application and
trick it into adding bogus transactions to the directory
which cause {\tt ClusterSync} to do its dirty work for it.
Added an SHA1 signature as an additional line in cluster
synchronisation transaction files. This signature incorporates the
content of the transaction as well as our site-secret ``Confirmation
signature encoding suffix'', without which it is unlikely in the
extreme an attacker will be able to spoof transactions. Signature
failure crashes {\tt ClusterSync}, alerting the administrator that
something untoward is underway and thwarting an attacker who
contemplates a brute-force search for the suffix.
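The file-name validation and the signed-transaction check described in the two paragraphs above, written out as an added Perl sketch (this is not ClusterSync.pl's own code). The database directory, the secret suffix, the transaction types and the three-line file layout are all assumptions made for the example.

```perl
#!/usr/bin/perl
# Added example, not ClusterSync.pl's own code.  Run with "perl -T" to
# get the taint checks the post describes; all names here are assumptions.
use strict;
use warnings;
use Digest::SHA qw(sha1_hex);

my $DB_DIR = '/server/db/hackdiet';          # assumed "Database Directory"
my $SECRET = 'example-site-secret-suffix';   # assumed confirmation suffix
my %VALID_TYPE = map { $_ => 1 } qw(update delete);

# A file name from a transaction must start with the database directory,
# must not contain "..", and may use only a conservative character set.
# Under taint mode the regex capture is what marks the name as clean.
sub untaint_path {
    my ($raw) = @_;
    die "refusing '$raw': outside $DB_DIR\n" unless index($raw, "$DB_DIR/") == 0;
    die "refusing '$raw': contains '..'\n"   if index($raw, '..') >= 0;
    my ($clean) = $raw =~ m{^([A-Za-z0-9_./-]+)$}
        or die "refusing '$raw': disallowed characters\n";
    return $clean;
}

# Transaction layout assumed here: type line, file name line, then a
# signature line holding sha1_hex(content . secret suffix).  A bad
# signature or an unknown type aborts before anything is acted upon.
sub verify_transaction {
    my ($text) = @_;
    my @lines  = split /\n/, $text;
    my $sig    = pop @lines;
    my $body   = join("\n", @lines) . "\n";
    die "signature mismatch: aborting\n" unless $sig eq sha1_hex($body . $SECRET);
    my ($type, $file) = @lines;
    die "invalid transaction type '$type'\n" unless $VALID_TYPE{$type};
    return ($type, untaint_path($file));
}

# Constructed sample transaction, signed with the assumed suffix.
my $body = "update\n$DB_DIR/users/alice.hdb\n";
my ($type, $file) = verify_transaction($body . sha1_hex($body . $SECRET));

# Single-quote the (already untainted) name before any system() string,
# so an overlooked shell metacharacter could never be interpreted.
(my $quoted = $file) =~ s/'/'\\''/g;
print "$type: would run cp '$quoted' '$quoted.bak'\n";
```

The post's scheme hashes the content followed by the secret suffix; HMAC-SHA1 (hmac_sha1_hex in the same Digest::SHA module) is the standard keyed construction for this purpose, and passing system() a list rather than a quoted string avoids the shell entirely.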
Modified the {\tt Makefile} {\tt publish} and {\tt production} targets
to install the cluster synchronisation program as an executable
named {\tt ClusterSync} in the {\tt server}{\em n}{\tt /bin/hackdiet}
directory. This allows it to work without modification with our
standard {\tt /server/init} mechanism, in particular a new
{\tt /server/init/hackdiet} script which starts and stops the
cluster synchronisation process.
Moved the process ID file for the cluster synchronisation process to
{\tt /server/run/ClusterSync/ClusterSync.pid} to conform with our
standard structure in the {\tt /server} partition.