
[feature] Add support for tls-crypt instead of tls-auth

Open · kosli opened this issue 2 years ago · 1 comment

OpenVPN 2.4 onwards supports the tls-crypt option instead of tls-auth. It would be great if OpenWISP would support this feature instead of just tls-auth.

From the OpenVPN 2.5 manual:

  • Encrypt and authenticate all control channel packets with the key from keyfile. (See --tls-auth for more background.)
  • Encrypting (and authenticating) control channel packets:
    • provides more privacy by hiding the certificate used for the TLS connection,
    • makes it harder to identify OpenVPN traffic as such,
    • provides "poor-man's" post-quantum security, against attackers who will never know the pre-shared key (i.e. no forward secrecy).
  • In contrast to --tls-auth, --tls-crypt does not require the user to set --key-direction.

kosli, Feb 16 '23 15:02

OpenVPN 2.5 would even support client-specific tls-crypt keys; see Client-specific tls-crypt keys (--tls-crypt-v2): "tls-crypt-v2 adds the ability to supply each client with a unique tls-crypt key. This allows large organisations and VPN providers to profit from the same DoS and TLS stack protection that small deployments can already achieve using tls-auth or tls-crypt."

kosli, Feb 16 '23 15:02
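To illustrate the rendering rules the two comments above imply (tls-auth needs a key direction, tls-crypt does not, and tls-crypt-v2 takes a per-client key with the same directive), here is an added example of a small renderer. It is not netjsonconfig's OpenVPN backend and the dict keys (`tls_auth`, `tls_crypt`, `tls_crypt_v2`, `key_direction`) are assumptions made for this illustration.

```python
"""Render OpenVPN control-channel protection lines from a small option dict.

Added illustration only: this is NOT netjsonconfig's OpenVPN backend, and the
option names below are assumptions, not the project's schema.
"""


class ConfigError(ValueError):
    """Raised when the options would not produce a valid OpenVPN config."""


def render_control_channel(opts):
    """Return the OpenVPN config lines for control-channel protection.

    Assumed keys:
      tls_auth      -> static key file for --tls-auth (requires key_direction)
      tls_crypt     -> static key file for --tls-crypt (no key_direction)
      tls_crypt_v2  -> server key or per-client key file for --tls-crypt-v2
      key_direction -> 0 or 1, only meaningful with tls_auth
    """
    chosen = [k for k in ("tls_auth", "tls_crypt", "tls_crypt_v2") if opts.get(k)]
    if len(chosen) > 1:
        # OpenVPN treats tls-auth, tls-crypt and tls-crypt-v2 as mutually exclusive.
        raise ConfigError("choose only one of tls-auth, tls-crypt, tls-crypt-v2")
    lines = []
    if "tls_auth" in chosen:
        # tls-auth is the one mode where the key direction must be agreed on:
        # we require it explicitly rather than falling back to a bidirectional key.
        direction = opts.get("key_direction")
        if direction not in (0, 1):
            raise ConfigError("tls-auth requires key-direction 0 or 1")
        lines.append(f"tls-auth {opts['tls_auth']} {direction}")
    elif "tls_crypt" in chosen:
        # tls-crypt encrypts and authenticates the control channel with a
        # symmetric key and needs no direction; reject a stray key_direction.
        if "key_direction" in opts:
            raise ConfigError("key-direction is not used with tls-crypt")
        lines.append(f"tls-crypt {opts['tls_crypt']}")
    elif "tls_crypt_v2" in chosen:
        # Same directive on both sides: the server loads its server key, each
        # client loads the unique key generated for it.
        if "key_direction" in opts:
            raise ConfigError("key-direction is not used with tls-crypt-v2")
        lines.append(f"tls-crypt-v2 {opts['tls_crypt_v2']}")
    return lines


def rejects(opts):
    """True if render_control_channel() refuses the given options."""
    try:
        render_control_channel(opts)
    except ConfigError:
        return True
    return False
```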