Android: support all `FLEET_VAR_HOST_` variables in configuration profiles

[marko-lisica]

Goal

User story
As an IT admin,
I want to use Fleet's variable in WiFi configuration profile
so that I can include the user's email as an identity for EAP-TLS authentication.

Changes

Product

• Changes:
  • Support all variables prefixed with $FLEET_VAR_HOST_ in Android configuration profiles
  • Validate that variables are used in strings (wrapped with "). Return an invalid JSON error if not wrapped.
  • Display error on Host details > OS settings modal, if there’s no value for the variable.
• UI changes: No changes.
• CLI (fleetctl) usage changes: No changes.
• YAML changes: No changes.
• REST API changes: No changes.
• Fleet's agent (fleetd) changes: No changes.
• Fleet server configuration changes: No changes.
• Exposed, public API endpoint changes: No changes.
• fleetdm.com changes: No changes.
• GitOps mode UI changes: No changes.
• GitOps generation changes: No changes.
• Activity changes: No changes.
• Permissions changes: No changes.
• Changes to paid features or tiers: No changes.
• My device and fleetdm.com/better changes: No changes.
• Usage statistics: No changes.
• Other reference documentation changes: No changes.
• First draft of test plan added
• Once shipped, requester has been notified
• Once shipped, dogfooding issue has been filed

Engineering

• Test plan is finalized
• Contributor API changes: TODO
• Feature guide changes: TODO
• Database schema migrations: TODO
• Load testing: TODO
• Pre-QA load test: TODO
• Load testing/osquery-perf improvements: TODO
• This is a premium only feature: Yes / No

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

Risk assessment

• Requires testing in a hosted environment: TODO
• Requires load testing: TODO
• Risk level: Low / High TODO
• Risk description: TODO

Test plan

Make sure to go through the list and consider all events that might be related to this story, so we catch edge cases earlier.

Core flow

• TODO
• TODO
• TODO

UI

• Verify that all UI changes specified in the Figma wireframes are correctly implemented
• Verify expected UI states (loading, empty, error states if applicable)

API

• Test all API endpoints added or modified in the API changes section of this issue
• Verify error handling for invalid inputs where applicable

GitOps (generate + run)

• Configure the feature through the UI and run fleetctl generate-gitops
• Confirm the generated .yml includes the expected fields (compare with YAML changes in the Product section)
• Modify the generated .yml and run fleetctl gitops
• Confirm the configuration updates correctly in Fleet
• Enable GitOps mode and verify the feature behaves correctly

Permissions

• Verify role restrictions are applied correctly for global roles
• Verify role restrictions are applied correctly for fleet-level roles

Edge cases

• TODO
• TODO
• TODO

Supplemental testing

Testing notes

Confirmation

1. Engineer: Added comment to user story confirming successful completion of test plan (include any special setup, test data, or configuration used during development/testing if applicable).
2. QA: Added comment to user story confirming successful completion of test plan.