Secondary mirror should accept requests for www.tails.net

Right now:

• www.tails.net is a CNAME record for tails.net
• tails.net is an A record and randomly returns the IPs of www1 and www2
• www2 doesn't have the TLS cert and Nginx config for www.tails.net.

Problems:

• Our current monitoring for www.tails.net sometimes hits www2 and flags a failure.
• We don't have consistent TLS checks for all domains in all mirrors.

To-do

• Add a www.tails.net → tails.net redirect to www2 → puppet-tails!159 (merged)
• Pin TLS checks of tails.net and www.tails.net to specific IPs → puppet-tails!160 (merged)