remove "Control Port" (and private/control.furl)

[warner]

There's a little-used "control port" in the tahoe client, accessible through Foolscap by someone who can read NODEDIR/private/control.furl (which in practice means only the node admin). The original idea was to provide a Foolscap-based frontend with more features (or at least more security) than the HTTP-based frontend. But that never took off, and at this point, there are only two consumers:

• automated performance tests in source:src/allmydata/test/check_speed.py
• automated memory-footprint tests in source:src/allmydata/test/check_memory.py

The methods it provides are:

• wait_for_client_connections()
• upload_from_file_to_uri()
• download_from_uri_to_file()
• speed_test()
• get_memory_usage()
• measure_peer_response_time()

David-Sarah argues that it provides excess authority, specifically due to the fact that the upload/download methods accept local filenames (like remote_upload_from_file_to_uri() which accepts a local disk filename and uploads it to the grid, returning the filecap, which could be used to upload e.g. ~/.tahoe/private/aliases.txt. This makes it unsafe to share control.furl with anyone who is not supposed to get control of the user account running the node.

David-Sarah would like to remove it for 1.10. To do that, we'd need to either give up the automated performance and memory-footprint tests, or find a way to rewrite them (which would probably mean adding new authorities into the HTTP-based webapi, at least for get_memory_usage() and measure_peer_response_time()).

We could also address the excess authority by changing the upload/download methods (maybe using empty tempfiles of given sizes, and *not* accepting a filename at all). That would probably let us preserve the automated tests without too many changes.