Store the address cache in `/var/cache`

[gsliepen]

On Linux and BSD, we should store the address cache inside a subdirectory of /var/cache, and things like invitation files that are dynamically generated at runtime but should be preserved across reboots inside '/var/lib'. This allows us to keep /etc immutable, allowing better hardening.

[pfactum]

Reasoning:

[12:22] <post-factum> guus: hello. shouldn't `/etc/tinc/<network>/cache` go into `/var/cache` instead?
[21:28] <guus> post-factum: good point, I've created a ticket for that.

and extra bits for RFE:

[21:33] <post-factum> guus: while we are on it. could you please also consider: 1) /var/lib for things like invitations as this is a runtime state iiuc; 2) making all these dirs compile time configurable?
[21:40] <post-factum> guus: to put it into a context: i'm hardening tinc in my setups via systemd, and also trying to do everything as suggested by systemd best practices (see https://build.opensuse.org/package/view_file/home:post-factum/tinc-next/tinc@.service?expand=1) aka running it under dynamic user, limiting capabilities, filtering syscalls etc. this includes using separate directories for configuration, cache, state
[21:40] <post-factum> also, credentials, btw
[21:41] <post-factum> while i understand tinc has to be run on various platforms that do not care about systemd, having all those paths configurable during build time would be highly-highly appreciated
[21:45] <post-factum> for now i symlink `/etc/tinc/<net>/cache` to `/var/cache/tinc/<net>`, and `/etc/tinc/<net>/invitations` to `/var/lib/tinc/<net>/invitations` in order to make that work, but using symlinks is meh

[gsliepen]

This is a good idea. We would have to deal with legacy tinc 1.1pre installations that already have invitations in /etc, and we also need to see how to deal with this when the --chroot option is used.