Pools, CLI, versioning, Debian packaging, HTTPS fix

- Replaced flat `backends: [...]` list on frontends with an ordered `pools:`
  list; each pool has a name and a map of backends with per-pool weights (0–100,
  default 100). Pools express priority: first pool with a healthy backend wins.
- Removed global backend weight (was on the backend, now lives in the pool).
- Config validation enforces non-empty pools, non-empty pool names, weight
  range, and consistent address families across all pools of a frontend.

- Added `PoolBackendInfo { name, weight }` and changed `PoolInfo.backends` from
  `repeated string` to `repeated PoolBackendInfo` so weights are visible over
  the API.

- Full interactive shell with readline, tab completion, and `?` inline help.
- Command tree parser (Walk) handles fixed keywords and dynamic slot nodes;
  prefix matching with exact-match priority.
- Commands: `show version/frontends/frontend/backends/backend/healthchecks/
  healthcheck`, `set backend <name> pause|resume`, `quit`/`exit`.
- `show frontend` output is hierarchical (pools → backends) with per-backend
  weights and `[disabled]` notation; pool section uses fixed-width formatting
  so ANSI color codes don't corrupt tabwriter alignment.
- `-color` flag (default true) wraps static field labels in dark-blue ANSI;
  works correctly with tabwriter because all labels carry identical-length
  escape sequences.

- `cmd/version.go` package holds `version`, `commit`, `date` vars set at build
  time via `-ldflags -X`.
- `make build` / `make build-amd64` / `make build-arm64` all inject
  `VERSION=0.1.1`, `COMMIT_HASH` (from `git rev-parse --short HEAD`), and
  `DATE` (UTC ISO-8601).
- `maglevc` prints version on interactive startup and exposes `show version`.
- `maglevd` logs version/commit/date at startup; `-version` flag prints and exits.

- `doHTTPProbe` was building a `https://` target URL even though TLS was already
  applied to the connection inside `inNetns`. `http.Transport` then wrapped the
  connection in a second TLS layer, producing "http: server gave HTTP response
  to HTTPS client". Fixed by always using `http://` in the target URL.
- Added `TestHTTPSProbe` using `httptest.NewTLSServer` to cover the full path.

- New `docs/user-guide.md`: maglevd flags/signals, maglevc commands, shell
  completion, and command-tree parser walkthrough.
- New `docs/healthchecks.md`: state machine, rise/fall model, probe intervals,
  all transition events with log examples.
- Updated `docs/config-guide.md`: pools design, removed global weight from
  backends, updated all examples.
- Updated `README.md`: packaging table, build paths, corrected binary locations
  (`/usr/sbin/maglevd`), config filename (`.yaml`).

- `debian/` directory contains `control.in`, `maglevd.service`, `default.maglev`,
  `maglev.yaml` (example config), `conffiles`, `postinst`, `prerm`.
- `debian/build-deb.sh` stages a package tree and calls `dpkg-deb`; emits
  `build/vpp-maglev_<version>~<commit>_<arch>.deb`.
- Cross-compiles for amd64 and arm64 in one `make pkg-deb` invocation.
- `maglevd` installed to `/usr/sbin/`, `maglevc` to `/usr/bin/`.
- Service reads `MAGLEV_CONFIG` from `/etc/default/maglev`
  (default: `/etc/maglev/maglev.yaml`).
- Man pages `maglevd(8)` and `maglevc(1)` live in `docs/` and are gzip'd into
  the package.
- All build output goes to `build/<arch>/`; `build/` is gitignored.

docs/maglevd.8

@@ -0,0 +1,85 @@
+.TH MAGLEVD 8 "April 2026" "vpp\-maglev" "System Administration"
+.SH NAME
+maglevd \- Maglev health\-checker daemon
+.SH SYNOPSIS
+.B maglevd
+[\fB\-config\fR \fIfile\fR]
+[\fB\-grpc\-addr\fR \fIaddr\fR]
+[\fB\-log\-level\fR \fIlevel\fR]
+[\fB\-version\fR]
+.SH DESCRIPTION
+.B maglevd
+is a health\-checker daemon that monitors backends (HTTP, TCP, ICMP) and
+exposes their aggregated state via a gRPC API.
+Configuration is loaded from a YAML file.
+A running daemon reloads its configuration when it receives
+.BR SIGHUP .
+.PP
+Backends are tracked with a rise/fall counter model.
+Each backend cycles through the states
+.BR unknown ,
+.BR up ,
+.BR down ,
+and
+.B paused
+(operator\-set).
+Health\-check intervals adapt automatically: a faster interval is used when
+a backend is not fully healthy, and a slower interval when it has been
+continuously down.
+.SH OPTIONS
+Each flag may also be supplied via an environment variable (shown in
+parentheses); the flag takes precedence.
+.TP
+.BI \-config " file"
+Path to the YAML configuration file.
+.RI "(default: " /etc/maglev/maglev.conf "; env: " MAGLEV_CONFIG )
+.TP
+.BI \-grpc\-addr " addr"
+TCP address on which the gRPC server listens.
+.RI "(default: " :9090 "; env: " MAGLEV_GRPC_ADDR )
+.TP
+.BI \-log\-level " level"
+Structured\-log verbosity:
+.BR debug ,
+.BR info ,
+.BR warn ,
+or
+.BR error .
+.RI "(default: " info "; env: " MAGLEV_LOG_LEVEL )
+.TP
+.B \-version
+Print version, commit hash, and build date, then exit.
+.SH SIGNALS
+.TP
+.B SIGHUP
+Reload the configuration file without restarting.
+New backends are added, removed backends are stopped, and unchanged
+backend workers are left running.
+.TP
+.BR SIGTERM ", " SIGINT
+Gracefully shut down: drain active gRPC streams, then exit.
+.SH FILES
+.TP
+.I /etc/maglev/maglev.conf
+Default configuration file (YAML).
+.TP
+.I /etc/default/maglev
+Environment file sourced by the systemd unit before starting
+.BR maglevd .
+.SH CONFIGURATION
+The configuration file uses YAML and has four top\-level sections under the
+.B maglev
+key:
+.BR healthchecker ,
+.BR healthchecks ,
+.BR backends ,
+and
+.BR frontends .
+.PP
+See the example at
+.I /etc/maglev/maglev.conf
+and the full reference in the project documentation.
+.SH SEE ALSO
+.BR maglevc (1)
+.SH AUTHOR
+Pim van Pelt <pim@ipng.ch>