Signed-off-by: Eric S. Raymond <esr@thyrsus.com>

This fixes some issues with 672240ab (Use syslog facility when irkerd
is backgtrounded and no -l was given, 2014-05-31):

* Shift the 'os' import to keep the stdlib imports alphabetized.
* Move the syslog docs from a stand-alone paragraph into the
  -d/--log-level section.
* Add some text to the -d/--log-level docs explaining the distinction
  between the -l/--log-file traffic logs and the -d/--log-level
  program-tracing logs.
* StreamHandler logs to standard error (not standard output) by
  default [1].  Change "stndard output" to "standard error".
* Add articles to background and foreground ("the background").
* Fix a "packground" -> "background" typo.
* Explain our background-detection logic, and point out some of the
  assumptions made by the current implementation.  I still think that
  it's better to have an explicit --syslog setting, and to leave it to
  packagers/users to descide explicitly if they prefer logging to
  syslog or stderr.  But whatever the syslog-switching logic is, it
  should be clearly documented so folks don't have to read the source
  to understand it.

[1]: https://docs.python.org/3/library/logging.handlers.html#logging.StreamHandler



Signed-off-by: Eric S. Raymond <esr@thyrsus.com>

And use them (when present) as the USER username [1] and server PASS
[2] respectively.  The previous implementation gave no way to set
PASS, which will vary on a per-target-server level.  There's unlikely
to be much need to set per-server usernames, except collision
avoidance (e.g. network X already has an 'irker' user).

I changed the existing IRCServerConnection.connect argument from
'ircname' to 'realname' to match the USER specs and our
IRCServerConnection.user implementation.  The 'realname' and
'username' arguments are currently unset, but you could add command
line options to set irker-wide defaults, and use the kwargs chain to
pass them down to the connect method.  The fallback logic is:

* Prefer the setting listed in the URL (although you'd need to add a
  parser to extract 'realname').  If that's empty or missing, fall
  back to
* The irker-wide default passed down the kwargs chain.  If that's
  empty or missing, fall back to
* Local defaults ('irker' and 'irker relaying client').

I also tweaked the servername and port extraction in
Target.__init__(), because they are already parsed out of the netloc
(along with the username and password) by urlparse().

[1]: https://tools.ietf.org/html/rfc2812#section-3.1.3
[2]: https://tools.ietf.org/html/rfc2812#section-3.1.1

This is pretty basic, just using as much of Python's ssl module as the
host Python implementation supports.  I also added error-level logging
of IRCServerConnectionError instances, to get helpful messages like:

  Invalid SSL/TLS certificate:
  hostname 'localhost' doesn't match 'irc.example.net'

and:

  Couldn't connect to socket: _ssl.c:334: No root certificates
  specified for verification of other-side certificates.

Important milestones in the standard library's ssl module:

* Python 2.5 [1,2]: No ssl module at all
* Python 2.6 [1,2]: ssl module added
* Python 3.2 [3,4]: ssl.SSLContext class added, with
  SSLContext.set_default_verify_paths [4].  ssl.match_hostname is also
  added [5], which can be used with the existing getpeercert [6] to
  ensure the server certificate belongs to the target host.

So for full verification, we need Python 3.2.  We can scrape by with
2.6 and later, by manually supplying a ca_certs path and ignoring
hostname mismatches.  That's more succeptible to man-in-the-middle
attacks, but still better than sending server, nick, and channel
passwords in plaintext.

[1]: http://docs.python.org/2/library/ssl.html
[2]: http://docs.python.org/2/whatsnew/2.6.html#improved-ssl-support
[3]: http://docs.python.org/3/whatsnew/3.2.html#ssl
[4]: http://docs.python.org/3/library/ssl.html#ssl.SSLContext.set_default_verify_paths
[5]: http://docs.python.org/3/library/ssl.html#ssl.match_hostname
[6]: http://docs.python.org/2/library/ssl.html#ssl.SSLSocket.getpeercert

Signed-off-by: Eric S. Raymond <esr@thyrsus.com>

- invalid options should print usage