This lets us remove an assertion, because `pathWith` can require that a
file not be in the store.
Note that the old assertion didn't quite do what we wanted: it prevented
you from using top level store paths (such as
`/nix/store/gg8578vvbcf1wpqvk85bigi5s4pvylkk-test-certificates`), but was
ok with sub-files (such as
`/nix/store/gg8578vvbcf1wpqvk85bigi5s4pvylkk-test-certificates/intermediate-password-file`).
Now that we're stricter, we need some way to populate
`intermediatePasswordFile` in our test without making the type unhappy.
I opted to solve that by creating a file in `/etc`.
On my machine, I see that this `curl` command often fails. This is
because the caddy server hasn't finished the ACME dance with the step-ca
server yet.
This seems like the simplest fix. Alternatives I considered (and would
be happy to implement if folks prefer):
- Use `wait_for_file` to wait for the certificate to appear
- Increase caddy's log level and scrape its logs for the "certificate obtained"
message.
