Caddy: v2: Admin listener as unix socket

Created on 13 Sep 2019 · 2 comments · Source: caddyserver/caddy

1. What would you like to have changed?

I'd like to have the ability to use a unix socket as the admin endpoint for Caddy 2

2. Why is this feature a useful, necessary, and/or important addition to this project?

It appears from the documentation that the admin interface requires a TCP listener socket, and doesn't provide authentication as far as I can tell. The issue with that is anybody who gets RCE on a box running Caddy, even as nobody, will be able to completely reconfigure Caddy. This isn't an issue with normal applications which simply read from a root-owned file on startup and reload (such as Caddy <=1).

3. What alternatives are there, or what are you doing in the meantime to work around the lack of this feature?

Alternatives that could be implemented by developers:

  • Personally I would prefer to have the file-only architecture as an option, where there is no listener and Caddy would read config on startup and on receiving a reload signal and process it the same way as it would with the listener, but having the listener be a unix socket that I could set to only be writable by root would cover my security concerns. The issue is that only works on Unix, so while that covers every use case I'll ever have, it's still a wide-open hole on Windows platforms.
  • Authentication on the listener would mostly cover the security issues (mostly because of the possibility of a vulnerability that could be exploited against the listener)

Alternatives for users: Not using Caddy 2.

4. Please link to any relevant issues, pull requests, or other discussions.

None I could find in a couple searches

feature request

All 2 comments

Good point. The admin endpoint was one of the first things written, before Caddy had a method to parse listener addresses for any network type. Now that we have that, it was easy to add. You can specify a unix socket like so:

"admin": {
    "listen": "unix//path/to/socket"
}

I have some plans for authentication and authorization of the admin endpoint in the future, but for now binding to local interface will have to do. Thanks!
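
The following is an added example, not Caddy's own code and not posted by anyone in this thread. It puts the point of the issue and the fix into a runnable check: parse the admin `listen` address in a Caddy 2 JSON config using the `network/address` form shown above, flag a TCP admin listener (loopback or not) as reachable by every local process, and for a unix socket inspect the socket and its parent directory for any group/other permission bits, since those are what gate other local users. The socket path `/run/caddy/admin.sock` and the severity labels are assumptions for illustration; the `demo()` function binds a real unix socket in an owner-only temporary directory, audits it, then loosens the permissions to show the check catching it.

```python
"""Audit a Caddy 2 admin listener address for local-access exposure.

Added example (not Caddy project code). Assumes Caddy's "network/address"
listener syntax, e.g. "unix//run/caddy/admin.sock"; the socket path used in
the comments is hypothetical.
"""
import json
import os
import socket
import stat
import tempfile

ADMIN_DEFAULT = "localhost:2019"  # Caddy 2's default admin address


def parse_listen(addr):
    """Split a Caddy listener address into (network, address).

    With no network prefix, TCP is assumed:
      "unix//run/caddy/admin.sock" -> ("unix", "/run/caddy/admin.sock")
      "localhost:2019"             -> ("tcp",  "localhost:2019")
    """
    if "/" in addr:
        network, address = addr.split("/", 1)
        return network, address
    return "tcp", addr


def _loose_bits(mode):
    """Group/other permission bits that let another local user reach the path."""
    return mode & (stat.S_IRWXG | stat.S_IRWXO)


def audit_admin_listen(config_json, stat_fn=os.stat):
    """Classify the admin listener of a Caddy 2 JSON config.

    Returns (level, reason); level is "high", "medium" or "ok".
    """
    cfg = json.loads(config_json)
    listen = cfg.get("admin", {}).get("listen", ADMIN_DEFAULT)
    network, address = parse_listen(listen)

    if network.startswith("tcp"):
        host = address.rsplit(":", 1)[0]
        if host in ("", "0.0.0.0", "::", "[::]"):
            return "high", f"admin API bound to all interfaces ({listen}) with no auth"
        # Loopback keeps it off the network, but any local uid can still POST a config.
        return "medium", f"admin API on TCP {listen}: any local process can reconfigure Caddy"

    if network.startswith("unix"):
        checked = 0
        for label, path in (("socket", address), ("directory", os.path.dirname(address) or "/")):
            try:
                st = stat_fn(path)
            except FileNotFoundError:
                continue  # the socket only exists while Caddy runs; judge what is there
            checked += 1
            if _loose_bits(st.st_mode):
                mode = oct(stat.S_IMODE(st.st_mode))
                return "high", f"{label} {path} mode {mode} is reachable by other local users"
        if checked == 0:
            return "medium", f"neither {address} nor its directory exists yet; cannot verify permissions"
        return "ok", f"admin API on unix socket {address}, gated by owner-only permissions"

    return "medium", f"unrecognised admin listener network {network!r}"


def demo():
    """Bind a real unix socket in an owner-only temp dir, audit, loosen perms, audit again.

    Returns the two severity levels, e.g. ("ok", "high").
    """
    base = tempfile.mkdtemp()  # created with mode 0o700
    sock_path = os.path.join(base, "admin.sock")
    old_umask = os.umask(0o077)  # socket is created with no group/other bits
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(sock_path)
    finally:
        os.umask(old_umask)
    # Constructed config pointing at the temp socket, in Caddy's "unix/<path>" form.
    cfg = json.dumps({"admin": {"listen": "unix/" + sock_path}})
    strict = audit_admin_listen(cfg)
    os.chmod(sock_path, 0o666)  # the mistake the check is meant to catch
    os.chmod(base, 0o755)
    loose = audit_admin_listen(cfg)
    srv.close()
    os.unlink(sock_path)
    os.rmdir(base)
    return strict[0], loose[0]


if __name__ == "__main__":
    print(audit_admin_listen('{"admin": {"listen": "localhost:2019"}}'))
    print(demo())
```

Note that a unix socket is only as restrictive as its directory chain: a socket with mode 0600 inside a world-searchable directory is still unreachable without write permission on the socket itself on Linux, but an owner-only directory is the simpler invariant to enforce and the one the check above insists on.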

Kudos on the literal fastest response, let alone fix, ever to an issue I've reported! Thanks!
