Support a staging environment for testing changes to applications

Currently only the production environment exists for web applications that are deployed. While that's fine, it can cause some trouble and outages with untested changes.

A staging environment would replicate the production environment as closely as possible - it would be within the cluster, have similar access to system components, but be... not production.

A few components that would need to be addressed:

• Ingress - it's no good to deploy services that have no connectivity and don't have cert generation, but it's hard because the only ingress currently is production, on 80 and 443. But we can solve this! A complete, redundant set of Ingress controller and kube-lego could be deployed, in ingress-controller, but aimed at a different set of ports and the LetsEncrypt staging environment! The only thing I can think that wouldn't work would be HTTPS-redirect from the HTTP port, but we can figure that out.