For cfg, sec and usr objects.

Example:

	$ curl -s -k -o- -u cva:xxx -X PATCH -H "Content-Type: application/json" --data '[{"key": "foo1", "bytes": "YmFyCg==", "action": "add"},{"key": "foo2", "string": "bar", "action": "add"}]' https://localhost:1215/object/path/test/cfg/hdoc/keys

	$ om test/cfg/hdoc decode --key foo1
	bar

	$ om test/cfg/hdoc decode --key foo2
	bar

GET    /object/path/:ns/:kind/:name/kvstore?key=k1&key=k2
PATCH  /object/path/:ns/:kind/:name/kvstore
GET    /object/path/:ns/:kind/:name/kvstore/entry?key=...
POST   /object/path/:ns/:kind/:name/kvstore/entry?key=...
DELETE /object/path/:ns/:kind/:name/kvstore/entry?key=...

GET /object/path/:ns/:kind/:name/kvstore/keys

This code was in object.Keystore instances. Move it to util/uri
so omcmd and oxcmd can use it.

Remove these from the Keystore interface:

* AddKeyFrom
* PrepareAddKeyFrom
* ChangeKeyFrom
* PrepareChangeKeyFrom

It's much more sane to have the client download or read local
files himself, instead of allowing a read privilege escalation
via the daemon api or "sudo om cfg add --key".

Example:

root@dev2n1:~/dev/om3# bin/ox system/** keys
OBJECT          NODE   KEY
system/sec/ca   dev2n1 private_key
system/sec/ca   dev2n1 certificate
system/sec/ca   dev2n1 certificate_chain
system/sec/ca   dev2n1 fullpem
system/sec/cert dev2n1 private_key
system/sec/cert dev2n1 certificate
system/sec/cert dev2n1 certificate_chain
system/sec/cert dev2n1 fullpem
system/usr/cva  dev2n1 password

Example:

	$ bin/ox '**' keys
	OBJECT          NODE   KEY               SIZE
	system/sec/cert dev2n1 private_key       4606
	system/sec/cert dev2n1 certificate       2582
	system/sec/cert dev2n1 certificate_chain 4658
	system/sec/cert dev2n1 fullpem           8982
	test/cfg/hdoc   dev2n1 config.json       1159
	test/cfg/hdoc   dev2n1 foo1              15
	test/cfg/hdoc   dev2n1 hosts             8
	test/cfg/hdoc   dev2n1 protocols         4199
	test/cfg/hdoc   dev2n1 foo2              4199
	system/sec/ca   dev2n1 private_key       4606
	system/sec/ca   dev2n1 certificate       2642
	system/sec/ca   dev2n1 certificate_chain 2642
	system/sec/ca   dev2n1 fullpem           6962
	system/usr/cva  dev2n1 password          194
	cfg/foo2        dev2n2 foo               11

* Implement the "add|change --from <dir>"

* Make change behave as a upsert. add is the action to use when
you don't want to overwrite existing keys.

* Use the PATCH /object/path/:ns/:kd/:name/kvstore handler to
add and change keys, as --from <dir> can feed multiple keys at
once. The change is transactional: either all or no key changes
are commited.

object.New<interface> should verify the type cast worked, and
raise a new object.ErrWrongType error if not.

The api handlers now emit a "Bad Request" response if they
get a object.ErrWrongType, and "Internal Server Error" is still
used for all other errors.

For example:

	$ om foo set --kw fs#1type=flag

would panic on:

	panic: runtime error: invalid memory address or nil pointer dereference
	[signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0xc8b545]

	goroutine 1 [running]:
	github.com/cvaroqui/ini.(*Key).Value(...)
	    /root/go/pkg/mod/github.com/cvaroqui/[email protected]/key.go:110
	github.com/opensvc/om3/core/xconfig.(*T).set.func1({{{0xc003da00d0, 0x8}, {0x0, 0x0}}, 0x1, {0xc003da00d9, 0x4}, 0x0})
	    /root/dev/om3/core/xconfig/main.go:527 +0x65

Add a test, so that this bogus set would produce a clean:

	Error: invalid key in fs#1type=flag