conf: Replace hard-coded /etc where appropriate

Also document the actual value of ${sysconfdir}.

conf/options/charon.opt

@@ -38,8 +38,8 @@ charon.cert_cache = yes
 charon.cache_crls = no
 	Whether Certificate Revocation Lists (CRLs) fetched via HTTP or LDAP should
 	be saved under a unique file name derived from the public key of the
-	Certification Authority (CA) to **/etc/ipsec.d/crls** (stroke) or
-	**/etc/swanctl/x509crl** (vici), respectively.
+	Certification Authority (CA) to **${sysconfdir}/ipsec.d/crls** (stroke) or
+	**${sysconfdir}/swanctl/x509crl** (vici), respectively.
 
 charon.check_current_path = no
 	Whether to use DPD to check if the current path still works after any

conf/plugins/unbound.opt

@@ -1,7 +1,7 @@
 charon.plugins.unbound.resolv_conf = /etc/resolv.conf
 	File to read DNS resolver configuration from.
 
-charon.plugins.unbound.trust_anchors = /etc/ipsec.d/dnssec.keys
+charon.plugins.unbound.trust_anchors = ${sysconfdir}/ipsec.d/dnssec.keys
 	File to read DNSSEC trust anchors from (usually root zone KSK).
 
 	File to read DNSSEC trust anchors from (usually root zone KSK). The format

conf/strongswan.conf.5.tail.in

@@ -458,6 +458,7 @@ The variables used above are configured as follows:
 .na
 ${piddir}               @piddir@
 ${prefix}               @prefix@
+${sysconfdir}           @sysconfdir@
 ${random_device}        @random_device@
 ${urandom_device}       @urandom_device@
 .ad
@@ -467,9 +468,9 @@ ${urandom_device}       @urandom_device@
 .
 .nf
 .na
-/etc/strongswan.conf       configuration file
-/etc/strongswan.d/         directory containing included config snippets
-/etc/strongswan.d/charon/  plugin specific config snippets
+@sysconfdir@/strongswan.conf       configuration file
+@sysconfdir@/strongswan.d/         directory containing included config snippets
+@sysconfdir@/strongswan.d/charon/  plugin specific config snippets
 .ad
 .fi
 .