Add configurable 'Sunset date' for log shards

[mcpherrinm]

While Sunlight is new enough we haven't even gotten logs accepted yet, we'll have to shut down log shards at some point.

It might be useful for us as operators to have a configurable 'sunset date', after which no further certificates are accepted, and no further tree heads are signed.

In typical usage, we might set that to be a few months after the NotAfter limit.

It might be nice to also clean up the log's on-disk cache at that time too, further avoiding requiring any manual intervention or external-to-sunlight automation.