wg-quick was incredibly useful for getting started. It made it possible to start
and shut down wireguard interfaces with the expected settings, routing rules and
iptables/firewall configuration. It also comes with some expected and unexpected
baggage.

It pulls in several dependencies, increasing the size of the wireguard-cni
docker containers to over 1GB.

It creates, configures and brings up the interface in a single command. This
is useful, but also means that we cannot create the interface and then move
it into a network namespace. This prevents us from creating container <->
container networks since we can't move a link that is already created.

It uses a configuration file to read and apply the configuration. This means
the wireguard private key is included in the file. The file is root read-only, but
it's still a risk we'd rather not have.

We can start by replacing wg-quick with bash scripts or straight Go code and
slowly unwind to an implementation that handles routing, interface creation
and firewalling as separate pieces. Separate implementations also ensure that we
can have Windows, OSX and Linux implementations.
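As an added illustration (not wireguard-cni's code), here is what the split into separate stages can look like in plain Go: the link is created down, keyed with the private key fed over stdin (so it is never in a config file or in argv, where `ps` could read it), moved into the container netns, and only then addressed, routed and firewalled inside that namespace. Interface name, netns name, addresses and keys in the test are constructed placeholders, and the `ip`/`wg`/`iptables` invocations are assumed to be available on the host.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// Step is one command of the bring-up; Stdin carries material that must not
// touch disk or the command line (the private key).
type Step struct {
	Argv  []string
	Stdin string
}

// PlanBringUp splits wg-quick's single-shot behaviour into stages that can be
// swapped per platform: create, key, move into the netns, then route/firewall.
func PlanBringUp(iface, netns, privKey, addr, peerPub, endpoint, allowed string) []Step {
	inNS := func(a ...string) []string { return append([]string{"ip", "-n", netns}, a...) }
	execNS := func(a ...string) []string { return append([]string{"ip", "netns", "exec", netns}, a...) }
	return []Step{
		// Interface creation in the host namespace; the link stays down and unaddressed.
		{Argv: []string{"ip", "link", "add", iface, "type", "wireguard"}},
		// wg reads the key from the path it is given, so /dev/stdin keeps it off disk and off argv.
		{Argv: []string{"wg", "set", iface, "private-key", "/dev/stdin"}, Stdin: privKey + "\n"},
		{Argv: []string{"wg", "set", iface, "peer", peerPub, "endpoint", endpoint, "allowed-ips", allowed}},
		// A down link can still be moved into the container's namespace.
		{Argv: []string{"ip", "link", "set", iface, "netns", netns}},
		// Routing is configured inside the namespace, not on the host.
		{Argv: inNS("addr", "add", addr, "dev", iface)},
		{Argv: inNS("link", "set", iface, "up")},
		{Argv: inNS("route", "add", allowed, "dev", iface)},
		// Firewalling inside the namespace: only the peer's allowed range may reach us over the tunnel.
		{Argv: execNS("iptables", "-A", "INPUT", "-i", iface, "-s", allowed, "-j", "ACCEPT")},
		{Argv: execNS("iptables", "-A", "INPUT", "-i", iface, "-j", "DROP")},
	}
}

// KeyLeaksToArgv reports whether the key would show up in any command line.
func KeyLeaksToArgv(steps []Step, key string) bool {
	for _, s := range steps {
		if strings.Contains(strings.Join(s.Argv, " "), key) {
			return true
		}
	}
	return false
}

// Run executes the plan in order and stops at the first failure (needs root and the wireguard module).
func Run(steps []Step) error {
	for _, s := range steps {
		cmd := exec.Command(s.Argv[0], s.Argv[1:]...)
		cmd.Stdin, cmd.Stderr = strings.NewReader(s.Stdin), os.Stderr
		if err := cmd.Run(); err != nil {
			return fmt.Errorf("%s: %w", strings.Join(s.Argv, " "), err)
		}
	}
	return nil
}
```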