Separate the admin API from the CA API

[tashian]

A common pattern in services that have an Admin API is to stand it up on a separate socket address.
And, since a CA is a particularly sensitive application, it could be wise for us to do the same.
There are tradeoffs, though.
What we do right now is simpler, and it is secured in the same way as the CA's certificate issuance mechanisms.
One could make the case that a separate Admin API is unnecessary and adds extra knobs and complexity most people won't use.
My only perspective here is: it's probably worth a discussion.
And, if we want to separate it, it would make sense to do that sooner than later.

This example is from the nginx unit docs:

[dopey]

via mariano - this would probably be optional to conform with other projects.