Notes from in-person meet to make error-cases in api.md more well-defined.

Status codes 200, 404, 405, and 500 are not endpoint specific.  When we take a
pass over api.md, it might be a good idea to not list them redundantly for each
endpoint.

§3.1, get-tree-head-to-cosign
	* http method - Get
	* Input - None
	* Output - timestamp, tree_size, root_hash, signature
	* Users - Witness
	* Status Code
		* 200 - Success
		* 404 - Not Found
		* 405 - Method Not Allowed
		* 500 - Internal Server Error

§3.2, get-tree-head-cosigned
	* http method - Get
	* Input - None
	* Output - timestamp, tree_size, root_hash, signature, cosignature, key_hash
	* Users - signers, monitors
	* Status Code
		* 200 - Success
			* consider request successful even if the list of cosignatures is empty
			* update api.md to allow empty list by simply not listing a key-value pair
		* 404 - Not Found
		* 405 - Method Not Allowed
		* 500 - Internal Server Error

§3.3 - get-inclusion-proof
	* http method - Get
	* Input - tree_size, leaf_hash
	* Output - leaf_index, inclusion_path
	* Users - signer, monitor
	* Status Code
		* 200 - Success
		* 400 - Bad Request (bad input)
		* 404 - Not Found
		* 405 - Method Not Allowed
		* 500 - Internal Server Error

§3.4, get-consistency-proof
	* http method - Get
	* Input - old_size, new_size
	* Output - consistency_path
	* Users - witness, optionally signer and monitor
	* Status Code
		* 200 - Success
		* 400 - Bad Request (bad input)
		* 404 - Not Found
		* 405 - Method Not Allowed
		* 500 - Internal Server Error

§3.5, get-leaves
	* http method - Get
	* Input - start_size, end_size
	* Output - shard_hint, checksum, signature, key_hash
	* Users - monitors
	* Status Code
		* 200 - Success
		* 400 - Bad Request (bad input)
		* 404 - Not Found
		* 405 - Method Not Allowed
		* 500 - Internal Server Error

§3.6, add-leaf
	* http method - Post
	* Input - shard_hint, message, signature, public_key, domain_hint
	* Output - None
	* Users - Signer
	* Status Code
		* 200 - Success (will be in the log after signing next tree head)
		* 202 - Accepted (trying to add to the log, still not commited)
		* 400 - Bad Request (e.g., invalid signature, TBD: duplicate as well?)
		* 403 - Forbidden (bad domain hint)
		* 404 - Not Found
		* 405 - Method Not Allowed
		* 429 - Too Many Requests (rate-limit kicked in for domain hint)
		* 500 - Internal Server Error

§3.7, add-cosignature
	* http method - Post
	* Input - cosignature, key_hash
	* Output - None
	* Users - Witness
	* Status Code
		* 200 - Success
		* 400 - Bad Request (e.g., bad signature)
		* 403 - Forbidden (witness key_hash is not configured)
		* 404 - Not Found
		* 405 - Method Not Allowed
		* 500 - Internal Server Error

Note that clients may encountered other status codes from components that are
placed in front of log-go, e.g., from nginx/apache/etc:
	* 301 - Moved Permanently
	* 307 - Temporary Redirect
	* 429 - Too Many Requests
	* 503 - Service Unavailable

Human-readable string should be free-form and not "error=" due to the above.
I.e., nginx is not going to give a text string on the format "error=".