py-certbot: updated to 0.32.0

Added
If possible, Certbot uses built-in support for OCSP from recent cryptography versions instead of the OpenSSL binary: as a consequence Certbot does not need the OpenSSL binary to be installed anymore if cryptography>=2.5 is installed.

Changed
Certbot and its acme module now depend on josepy>=1.1.0 to avoid printing the warnings described at https://github.com/certbot/josepy/issues/13.
Apache plugin now respects CERTBOT_DOCS environment variable when adding command line defaults.
The running of manual plugin hooks is now always included in Certbot's log output.
Tests execution for certbot, certbot-apache and certbot-nginx packages now relies on pytest.
An ACME CA server may return a "Retry-After" HTTP header on authorization polling, as specified in the ACME protocol, to indicate when the next polling should occur. Certbot now reads this header if set and respect its value.
The acme module avoids sending the keyAuthorization field in the JWS payload when responding to a challenge as the field is not included in the current ACME protocol. To ease the migration path for ACME CA servers, Certbot and its acme module will first try the request without the keyAuthorization field but will temporarily retry the request with the field included if a malformed error is received. This fallback will be removed in version 0.34.0.

(adam)