HTTPS in the app and subdomain apps

• Apps can now detect that https in use using the X-Forwarded-Proto header (Rack::Request#ssl? uses that header internally so you're probably good already).
• We now match pow's subdomain apps support. Apps are now matched at the longest possible host, so linking an app to login.fun will make it available as login.fun.pdev.
• Fix bug where idle apps were not stopped.
• Compiled with Go 1.6.3 which should fix a OS X Sierra bug.