Please merge a 5.7.x version for Ubuntu 19.04

Bug #1806401 reported by Christian Ehrhardt 
Affects: strongswan (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Christian Ehrhardt

Bug Description

There is the new upstream branch on 5.7 please merge e.g. the current 5.7.1-1 from Debian.

Christian Ehrhardt (paelzer) wrote:

I did the usual pass on open bugs and closed a few that were waiting for comment/triage only.
A set of others I identified as easy fixes while doing the merge.

Currently strongswan is in disco-proposed (a rebuild) but blocked on unbound which is blocked on a monero autopkgtest.

Changed in strongswan (Ubuntu):
status: New → Triaged
importance: Undecided → High
Christian Ehrhardt (paelzer) wrote:

In Debian now, these can be dropped:
- d/usr.lib.ipsec.charon, d/usr/sbin/charon-systemd: Add support for usr-merge, thanks to Christian Ehrhardt. LP: #1784023
* SECURITY UPDATE: Insufficient input validation in gmp plugin - debian/patches/strongswan-5.6.1-5.6.3_gmp-pkcs1-verify.patch
  CVE-2018-16151
  CVE-2018-16152
* SECURITY UPDATE: Insufficient input validation in gmp plugin - debian/patches/strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch
  CVE-2018-17540

Part of our mass enabling is also in Debian as chapoly is enabled there now.
But not yet the bulk of it (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848890) so the merge stays big for now.

Christian Ehrhardt (paelzer) wrote:

configure: WARNING: unrecognized options: --disable-maintainer-mode, --with-tss, --enable-imc-swid, --enable-imv-swid, --enable-unit-tests

Which also matches:
dh_install: Cannot find (any matches for) "usr/share/strongswan/swidtag/strongswan.org__strongSwan-*.swidtag" (tried in ., debian/tmp)

And:
sh: 1: /usr/local/bin/swid_generator

Let's analyze them one by one:
1. --enable-imc-swid, --enable-imv-swid
   swid was replaced by swima
   switch config flags and check files installed that changed
2. --with-tss
   split into either --enable-tss-trousers (matches old code) or --enable-tss-tss2
3. --disable-maintainer-mode
   remains a mystery but is non fatal
4. --enable-unit-tests
   was dropped in 5.1.1 (shame)
   Is enabled by default now
5. swid_generator - should no more be needed
   we don't specify anything swid'y anymore

Rebuild with all those ...

Christian Ehrhardt (paelzer) wrote:

New code, new features, new files, mostly due to the swid/swima changes:
usr/share/strongswan/swidtag/strongswan.org__strongSwan-5-7-1.swidtag
-> goes where the old swidtag went

usr/share/strongswan/templates/database/sw-collector/sw_collector_tables.sql
usr/share/man/man8/sw-collector.8
usr/sbin/sw-collector
-> IMC belongs as a plugin to tnc-imc, alongside the entries in debian/strongswan-tnc-client.install

usr/share/strongswan/templates/config/strongswan.d/sec-updater.conf
usr/share/man/man8/sec-updater.8
usr/sbin/sec-updater
etc/strongswan.d/sec-updater.conf
-> IMV belongs as a plugin to tnc-imc, alongside the entries in debian/strongswan-tnc-server.install

Changed in strongswan (Ubuntu):
status: Triaged → In Progress
assignee: nobody → Christian Ehrhardt  (paelzer)
Christian Ehrhardt (paelzer) wrote:

Hrm :-/
we all missed that the new build introduces component mismatches.
Nothing particularly new, but I need to sort that out ...

Christian Ehrhardt (paelzer) wrote:

Two mismatches:
1. network-manager-strongswan
2. libtspi1

#1 - that is odd,
as strongswan has had that dep since 2009 in version 4.2.14-1.
The dep is from the binary strongswan-nm - maybe the dependencies on that increased?
New strongswan-nm:
 Depends: libc6 (>= 2.4), libglib2.0-0 (>= 2.37.3), libnm0 (>= 1.1.90), libstrongswan, strongswan-libcharon
 Recommends: network-manager-strongswan
Old strongswan-nm:
 Depends: libc6 (>= 2.4), libglib2.0-0 (>= 2.37.3), libnm0 (>= 1.1.90), libstrongswan, strongswan-libcharon
 Recommends: network-manager-strongswan
Eventually this isn't a mismatch - strongswan-nm is in universe (and stays there).
So #1 is ok

#2 is more interesting
libtspi1 is from source "trousers"
- We had already used --with-tss=trousers in older builds, but something makes a difference now (maybe new config/link behavior)
- Old: https://launchpadlibrarian.net/396959894/buildlog_ubuntu-disco-amd64.strongswan_5.6.3-1ubuntu5_BUILDING.txt.gz
- New: https://launchpadlibrarian.net/400421493/buildlog_ubuntu-disco-amd64.strongswan_5.7.1-1ubuntu1_BUILDING.txt.gz
- Also libtspi-dev was a build dependency already in the past.
- But only in the new build does it actually seem to be used:
  checking for Tspi_Context_Create in -ltspi... yes
  checking trousers/tss.h usability... yes
  checking trousers/tss.h presence... yes
  checking for trousers/tss.h... yes
Then builds have -ltspi and eventually the extra plugins depend on libtspi1 (>= 0.3.1)
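
The component-mismatch check reasoned through in this comment, as an added shell example that is not part of the bug thread or of Ubuntu's own archive tooling: it reads a constructed set of "package: Depends" lines and a constructed package-to-component map (as the "Version table" output above shows them) and reports every main package that depends on a universe or unknown package. The Depends line for libcharon-extra-plugins is constructed to mirror the libtspi1 (>= 0.3.1) case, not copied from the real build.

```shell
#!/bin/sh
# Added example, not from the bug thread: find "component mismatches",
# i.e. a package in main that depends on a package in universe.

# Constructed input: "package: Depends" as apt-cache show would print it.
DEPENDS='strongswan-nm: libc6 (>= 2.4), libglib2.0-0 (>= 2.37.3), libnm0 (>= 1.1.90), libstrongswan, strongswan-libcharon
libcharon-extra-plugins: libc6 (>= 2.4), libstrongswan, libtspi1 (>= 0.3.1)
strongswan-libcharon: libc6 (>= 2.4), libstrongswan'

# Constructed component map: "package component" per line.
COMPONENTS='strongswan-nm universe
libcharon-extra-plugins main
strongswan-libcharon main
libstrongswan main
libc6 main
libglib2.0-0 main
libnm0 main
libtspi1 universe'

# Look up the archive component of one package; "unknown" if unmapped.
component_of() {
  printf '%s\n' "$COMPONENTS" |
    awk -v p="$1" '$1 == p { print $2; found = 1 } END { if (!found) print "unknown" }'
}

# Print "pkg -> dep (component)" for each dependency that would pull a
# main package onto a universe or unknown package. A universe package
# depending on universe (strongswan-nm here) is not a mismatch.
find_mismatches() {
  printf '%s\n' "$DEPENDS" | while IFS=: read -r pkg deps; do
    [ "$(component_of "$pkg")" = main ] || continue
    # Drop version constraints like "(>= 2.4)"; treat "a | b" alternatives
    # conservatively by checking each alternative on its own.
    printf '%s\n' "$deps" | sed 's/([^)]*)//g; s/|/,/g' | tr ',' '\n' |
      sed 's/^ *//; s/ *$//' |
      while read -r dep; do
        [ -n "$dep" ] || continue
        c=$(component_of "$dep")
        [ "$c" = main ] || printf '%s -> %s (%s)\n' "$pkg" "$dep" "$c"
      done
  done
}

find_mismatches
```

On the constructed input this reports only libcharon-extra-plugins -> libtspi1 (universe), which is the dependency this comment tracked down.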

Christian Ehrhardt (paelzer) wrote:

The reason is worth a smile.
Yes our Delta (the one I inherited) always enabled tss-trousers in d/rules:
    --with-tss=trousers
But on this merge I realized that it seems broken and fixed it, as it now has to be:
    --enable-tss-trousers

But this changed a while back, in fact this is not working since Bionic.
That said, it was in main in trusty [1] and xenial [2], so we fixed the bug that it was dropped by accident in former releases. Since no one was yelling for it I won't SRU it back, but fixing it now seems right.

Versions seem pretty stable and slow-moving, with the xenial version we had in main being just one minor version older than everything we have up to now.

libtspi1:
  Installed: (none)
  Candidate: 0.3.13-4
  Version table:
     0.3.13-4 500
        500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
libtspi1:
  Installed: 0.3.14+fixed1-1build1
  Candidate: 0.3.14+fixed1-1build1
  Version table:
 *** 0.3.14+fixed1-1build1 500
        500 http://archive.ubuntu.com/ubuntu disco/universe amd64 Packages
        100 /var/lib/dpkg/status

Based on bug 247590 I'll ask to re-resolve that component mismatch.

[1]: https://launchpadlibrarian.net/172822341/buildlog_ubuntu-trusty-amd64.strongswan_5.1.2-0ubuntu2_UPLOADING.txt.gz
[2]: https://launchpadlibrarian.net/251833809/buildlog_ubuntu-xenial-amd64.strongswan_5.3.5-1ubuntu3_BUILDING.txt.gz

Christian Ehrhardt (paelzer) wrote:

Added an AA task on bug 247590 as Doko wasn't available yesterday.

Christian Ehrhardt (paelzer) wrote:

FYI mismatch resolved, thanks Doko!

Launchpad Janitor (janitor) wrote:

This bug was fixed in the package strongswan - 5.7.1-1ubuntu1

---------------
strongswan (5.7.1-1ubuntu1) disco; urgency=medium

  * Merge with Debian unstable (LP: #1806401). Remaining changes:
    - Clean up d/strongswan-starter.postinst: section about runlevel changes
    - Clean up d/strongswan-starter.postinst: Removed entire section on
      opportunistic encryption disabling - this was never in strongSwan and
      won't be, see upstream issue #2160.
    - d/rules: Removed patching ipsec.conf on build (not using the
      debconf-managed config.)
    - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was
      used for debconf-managed include of private key).
    - Mass enablement of extra plugins and features to allow a user to use
      strongswan for a variety of extra use cases without having to rebuild.
      + d/control: Add required additional build-deps
      + d/control: Mention additionally enabled plugins
      + d/rules: Enable features at configure stage
      + d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
      + d/libstrongswan.install: Add plugins (so, conf)
    - d/strongswan-starter.install: Install pool feature, which is useful since
      we have attr-sql plugin enabled as well using it.
    - Add plugin kernel-libipsec to allow the use of strongswan in containers
      via this userspace implementation (please do note that this is still
      considered experimental by upstream).
      + d/libcharon-extra-plugins.install: Add kernel-libipsec components
      + d/control: List kernel-libipsec plugin at extra plugins description
      + d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
        upstream recommends to not load kernel-libipsec by default.
    - Relocate tnc plugin
      + debian/libcharon-extra-plugins.install: Drop tnc from extra plugins
      + Add new subpackage for TNC in d/strongswan-tnc-* and d/control
    - d/libstrongswan.install: Reorder conf and .so alphabetically
    - d/libstrongswan.install: Add kernel-netlink configuration files
    - Complete the disabling of libfast; This was partially accepted in Debian,
      it is no more packaging medcli and medsrv, but still builds and
      mentions it.
      + d/rules: Add --disable-fast to avoid build time and dependencies
      + d/control: Remove medcli, medsrv from package description
    - d/control: Mention mgf1 plugin which is in libstrongswan now
    - Add now built (since 5.5.1) libraries libtpmtss and nttfft to
      libstrongswan-extra-plugins (no deps from default plugins).
    - d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
      plugins for the most common use cases from extra-plugins into a new
      standard-plugins package. This will allow those use cases without pulling
      in too many more plugins (a bit like the tnc package). Recommend that
      package from strongswan-libcharon.
    - d/usr.sbin.charon-systemd: allow to contact mysql for sql and
      attr-sql plugins (LP #1766240)
    - d/usr.lib.ipsec.charon: allow reading of own FDs (LP #1786250)
  * Added Changes:
    - d/p/lp1795813-mysql-Don-t-release-the-connection-if-transactions-a.patch:
      fix SIG...


Changed in strongswan (Ubuntu):
status: In Progress → Fix Released