httpcaddyfile: Put root directive first, before redir and rewrite

See https://caddy.community/t/v2-match-any-path-but-files/7326/8?u=matt

If rewrites (or redirects, for that matter) match on file existence,
the file matcher would need to know the root of the site.

Making this change implies that root directives that depend on rewritten
URIs will not work as expected. However, I think this is very uncommon,
and am not sure I have ever seen that. Usually, dynamic roots are based
on host, not paths or query strings.

I suspect that rewrites based on file existence will be more common than
roots based on rewritten URIs, so I am moving root to be the first in
the list.

Users can always override this ordering with the 'order' global option.

caddyconfig/httpcaddyfile/directives.go

@@ -27,14 +27,21 @@ import (
 
 // directiveOrder specifies the order
 // to apply directives in HTTP routes.
+//
+// The root directive goes first in case rewrites or
+// redirects depend on existence of files, i.e. the
+// file matcher, which must know the root first.
+//
+// The header directive goes second so that headers
+// can be manipulated before doing redirects.
 var directiveOrder = []string{
+	"root",
+
 	"header",
 
 	"redir",
 	"rewrite",
 
-	"root",
-
 	// URI manipulation
 	"uri",
 	"try_files",

modules/caddyhttp/caddyhttp.go

@@ -199,6 +199,8 @@ func StatusCodeMatches(actual, configured int) bool {
 
 // tlsPlaceholderWrapper is a no-op listener wrapper that marks
 // where the TLS listener should be in a chain of listener wrappers.
+// It should only be used if another listener wrapper must be placed
+// in front of the TLS handshake.
 type tlsPlaceholderWrapper struct{}
 
 func (tlsPlaceholderWrapper) CaddyModule() caddy.ModuleInfo {