* cdn/terraform/cloudfront.tf (locals) <do_not_cache_behavior>: New
variable.
(berlin-mirror) <default_cache_behavior>: Use the new
do_not_cache_behavior.
(origin) <empty-origin>: Remove it.
* cdn/README.org: Remove the section explaining that Cuirass will no
longer be accessible via ci.guix.info.
* cdn/README.org: Mention that Terraform does not support email
subscriptions to SNS topics.
* cdn/terraform/main.tf (guix-billing-alarms): New SNS topic.
(alarm-estimated-charges-150-usd, alarm-estimated-charges-140-usd)
(alarm-estimated-charges-100-usd): New alarms.
* cdn/README.org: Mention that certificate validation requires manual
action outside of Terraform.
* cdn/terraform/main.tf (berlin-mirror-certificate): New certificate.
(berlin-mirror): Use it with SNI in the CloudFront distribution.
Before doing this, I destroyed all Terraform-managed AWS resources and
locally stored Terraform state, so we can rebuild it fresh.
* cdn/README.org: Update us-west-2 references to us-east-1.
* cdn/terraform/main.tf (terraform, guix-terraform-state): Likewise.
This is not the final version, but it gives us a good starting point.
* cdn/terraform/main.tf (berlin-mirror): New resource.
(berlin-mirror-id, berlin-mirror-status, berlin-mirror-domain-name):
New outputs.
* cdn/README.org: Update accordingly.
* .gitignore (/cdn/terraform/terraform.tfstate)
(/cdn/terraform/terraform.tfstate.backup, /cdn/terraform/.terraform):
New ignore patterns.
* cdn/README.org: New file.
* cdn/terraform/main.tf: New file.
* cdn/terraform/variables.tf: New file.
