netmon: add environment knobs to avoid interfaces or addresses

[intelfx]

This adds three environment variable knobs in total:

• $TS_{ONLY,AVOID}_INTERFACES to control which interfaces Tailscale is allowed to consider for endpoints, and
• $TS_AVOID_PREFIX (using the name suggested in Provide mechanism for users to exclude interfaces from disco + endpoint advertisements #1552) to control which addresses Tailscale is allowed to consider as endpoints.

Each knob accepts a comma-separated list of masks: globs for interface names and prefixes for addresses.

Usage examples:

• TS_ONLY_INTERFACES=en*,wl*
• TS_AVOID_INTERFACES=tun*,wg*
• TS_AVOID_PREFIX=10.1.2.0/24,2a01:2345:6789:abcd::/64

All constraints are additive and are considered in addition to the hardcoded ZeroTier exclusion.

Multiple redundant ways to exclude interfaces/addresses from consideration were implemented in order to cover all use-cases cited by the users in the issue comments.

Fixes #1552.

[istathar]

It's possible that this would resolve #16652, though I'm a bit reluctant to rely on environmnet variables to deliver a key functionality that needs to be user-facing so non-developer uesrs can ensure the setting is applied.

[clstokes]

Related: #15957.

[BelKirill]

Are there any news on this? Is there a workaround?

[ExoSkye]

Can this be merged? It would also be really useful for me since I have a Mullvad VPN connection over Wireguard and when my girlfriend's computer tries to talk to my server, it seems to get preferentially routed through the VPN, which for our usecases is very very slow and not at all adequate.
When forced to go "directly" ie not through the VPN, the internet speed is completely fine, so it'd be useful if I can force it to not use any Mullvad interfaces (I tend to connect to one specific one, so I'll just blacklist the interface which shares the name of the interface it uses).