consul-openrc: change healthcheck to work better with ACLs
The consul info
command that is used for the health check in the consul init script requires agent:read
permissions if ACLs are active in Consul. This then requires creating a token with those permissions and making it available to the init script, which is both a hassle and creates potential security issues.
As an alternative, I suggest using consul config list -kind proxy-defaults
which requires no permissions at all (see https://www.consul.io/api/config.html), so it just works with no special setup when ALCs are turned on, and also follows the principle of least privilege.
I made this change locally and it's working fine for me.