[MDC-506] simet-openwrt-feed: simet-openwrt-base: add http timesync

[MDC-506] simet-openwrt-feed: simet-openwrt-base: add http timesync

OpenWRT typically depends on NTP to set the system time properly on
devices that lack an RTC (such as most of the wifi routers, for
example).  It does have a sysfixtime init script that updates the clock
to the date of the newest file it can find in /etc.

Unfortunately, this strategy to update the system clock is not anywhere
near enough if firmware is too old: the system time may be so out of
sync that TLS certificate validation will stop working.  Let's encrypt
certificates, for example, requires the system clock to be within 90
days of the issuance date of the certificate.

Eventually, volumetric DDoS attacks became trendy, ISPs got massive
numbers of notifications about their misconfigured network equipment
being used in NTP-based amplification attacks, and *of course* a
fraction of them deployed improperly configured defenses that blocked
subscriber access to NTP servers instead of fixing things properly.

This, in turn, caused their subscriber's IoT devices that lacked an RTC
to be widely out-of-date, enough that they could not reach TLS-protected
firmware update servers(!!!!) or external APIs.  OpenWRT on RTC-lacking
devices being no exception.

Add a hotplug script that attempts to set the system clock from a plain
HTTP server.  HTTPS/TLS *must not* be used for this, since certificate
validation would have to be disabled: it would just increase the danger
of a remote root exploit.

The hotplug script uses a semasphore in /var/run to set the system clock
once per boot (and it will do no harm if it runs several instances in
parallel).

Note that an attacker can easily MITM this and set the clock too much
into the future, effectively keeping the device crippled as far as TLS
goes.  This is no worse than the clock being widely into the past,
though.