Allow using existing ACME certificates

Add a certificate scheme for using an existing ACME certificate without
setting up Nginx.

Also use names instead of magic numbers for certificate schemes.

mail-server/environment.nix

@@ -23,6 +23,6 @@ in
   config = with cfg; lib.mkIf enable {
     environment.systemPackages = with pkgs; [
       dovecot opendkim openssh postfix rspamd
-    ] ++ (if certificateScheme == 2 then [ openssl ] else []);
+    ] ++ (if certificateScheme == "selfsigned" then [ openssl ] else []);
   };
 }