* introduce configuration settings for TLS insecurity, tracing requests
and responses
* use more secure implementation when replacing JMAP placeholders in
URL templates, path escaping them to avoid injection
* add more efficient tracing of HTTP requests and responses between the
Groupware backend and the JMAP server, with the possibility of
specifying a maximum body size to trace, to avoid blowing up the logs
* use more efficient string building for HTTP Authorization headers
* change internal API to use streams (io.Reader) instead of reading
JSON responses fully into memory before parsing them