Added documentation on the first-connection process.

This is a four-part process:

1. Hello!  Configure basic administrative information.

2. Configure identity information.

3. Configure network.

4. Box is running normally, user can interact with and add and remove
services per the normal processes.

doc/design/first-connection.mdwn

@@ -0,0 +1,113 @@
+# First Connection: Initial user configuration.
+
+The Plinth first-connection process has several stages:
+
+0. The user connects to Plinth for the first time and is redirected from
+   the home page to the Hello page.
+
+1. The user sets the Box's name, the administrator's name and
+   password, and the box's PGP key (optional).
+
+2. The box generates and the user receives any PGP keys.
+
+3. The box detects the network's configuration and restarts networking.
+
+4. The user interacts with the box normally.
+
+## Stage 0: Connection
+
+The printed manual instructs the user how to set up their local
+network and uses diagrams to teach users to differentiate between a
+router and modem.  If the user only has a modem and their FreedomBox
+doesn't have multiple ethernet ports, then I don't know what they'll
+do.
+
+The user securely connects to the FreedomBox, and Plinth realizes that
+it hasn't been configured.  The user is automatically
+(non-interactively) redirected from the home page to the Hello page.
+
+## Stage 1: Hello
+
+The user's first (interactive) interaction with Plinth is on the Hello
+page, where they set these required items:
+
+- Box's Name (hostname).
+- Plinth Administrative User's Name.
+- Plinth Administrative User's Password.
+
+The user can also set these optional items:
+
+- Box's *Private PGP Key.*
+- User's *Public PGP Key.*
+
+### TODOs
+
+- [ ] Allow the user to provide the Box's *Private PGP Key.*
+- [ ] Allow the user to provide their own *Public PGP Key.*
+- [ ] Hide the key management tools under an advanced options menu.
+- [ ] Add space for the administrative user's name and password in the
+  printed manual.
+- [ ] Add space for the normal (non-administrative) user's name and
+  password in the printed manual.
+
+## Stage 2: Identity Configuration
+
+If the user didn't provide a PGP for the Box, box generates its own PGP
+key.  Also, if the user didn't provide their own public PGP key, the box
+generates one for the user.
+
+The user downloads all PGP keys provided by the box.
+
+### TODOs
+
+- [ ] Create PGP keys.
+- [ ] Allow user to download PGP keys.
+- [ ] Users need client-side tools to manage downloaded PGP keys.
+
+## Stage 3: Networking Configuration
+
+The FreedomBox detects the current network configuration and adjusts
+itself accordingly, configuring itself per the chart, below:
+
+| Ethernet Ports | Modem | Modem + Router |
+|----------------+-------+----------------|
+| One            | M1    | MR1            |
+| Two            | M2    | MR2            |
+
+After network detection is complete, the FreedomBox asks the user to
+correct the network configuration (plugging the right cables into the
+right ports) and restarts networking.
+
+The user's client device must still be able to connect to the Internet
+after this configuration is complete.  If not, the configuration is
+invalid and should not be used.  At a minimum, the user should be
+warned that they're about to remove their client device from the
+Internet.
+
+### M1: Modem and 1 Ethernet Port
+
+(RaspberryPi + Modem + Client Device)
+
+(We may need to require a wireless modem on the RPi before this can be
+a valid configuration.)
+
+### M2: Modem, and 2 Ethernet Ports
+
+(DreamPlug + Modem + Client Device)
+
+### MR1: Modem Router, and 1 Ethernet Port
+
+(RaspberryPi + Modem + Router + Client Device)
+
+### MR2: Modem Router, and 1 Ethernet Port
+
+(DreamPlug + Modem + Router + Client Device)
+
+### TODOs
+
+- [ ] Detect the current network configuration.
+
+## Stage 4: Normal Interaction
+
+Networking has restarted and the user can interact with the FreedomBox
+normally.