new package certifix-client uses certifix to sign ssl client cert

this is initially for TLS-enabled logging but would be useful for
anything on a liminix box that wants to talk to a network service in a
"zero trust" setup

pkgs/certifix-client/default.nix

@@ -0,0 +1,36 @@
+{
+  fetchurl,
+  writeFennel,
+  fennel,
+  fennelrepl,
+  runCommand,
+  lua,
+  anoia,
+  lualinux,
+  fetch-freebsd,
+  openssl,
+  luaossl',
+  stdenv
+}:
+let name = "certifix-client";
+in stdenv.mkDerivation {
+  inherit name;
+  src = ./.;
+
+  buildInputs = [fetch-freebsd openssl lua];
+
+  buildPhase = "";
+  installPhase = ''
+    mkdir -p $out/bin
+    cp -p ${writeFennel name {
+      packages = [
+        fetch-freebsd
+        fennel
+        anoia
+        lualinux
+        luaossl'
+      ] ;
+      mainFunction = "run";
+    } ./${name}.fnl } $out/bin/${name}
+  '';
+}