The server should be configurable to use HTTPS

It should take a private key, a certificate, and a port number as arguments and listen for HTTP over well-configured TLS.

There isn't obviously a Let's Encrypt (ACME) client available for Haskell so I suppose what I'll do is use WarpTLS to run HTTPS using key and certificate supplied to the server and someone else (i.e., not PaymentServer) will have to be responsible for obtaining and maintaining that key and certificate.