Feat(eos_designs): Implement DTLS for STUN for WAN scenarios #3526

Closed
gmuloc opened this issue Jan 23, 2024 · 0 comments · Fixed by #3636

gmuloc commented Jan 23, 2024

Enhancement summary

Add support for DTLS for stun server and client configuration

Which component of AVD is impacted

eos_designs

Use case example

STUN client:

stun
   client
      server-profile server-profile-1
         ip address 1.1.1.1
         ssl profile dtls-stun-client

management security
   ssl profile dtls-stun-client
      certificate client.crt key client.key
      trust certificate ca.pem

router path-selection
   path-group PathGroup1 id 1
      local interface Ethernet2
         stun server-profile server-profile-1

interface Ethernet2
   ip address 2.2.2.2/24

STUN server:

stun
   server
      local-interface Ethernet1
      ssl profile dtls-stun-server

interface Ethernet1
   ip address 1.1.1.1/24

management security
   ssl profile dtls-stun-server
      certificate server.crt key server.key
      trust certificate ca.pem

Describe the solution you would like

Add a knob as follows for each wan_route_servers:

# When the route server is part of the same inventory as the WAN routers,
# only the name is required.
wan_route_servers:
    # Route-Reflector hostname.
  - hostname: <str; required; unique>
    # Route-Reflector router id.
    router_id: <str>
    dtls_profile: <str>

dtls_profile is the name of the profile; the certificate file names for cert and keys, as well as trust, are auto-generated by CVP.

The generated profile should be

management security
   ssl profile <dtls_profile>
      certificate <dtls_profile>.crt key <dtls_profile>.key
      trust certificate aristaDeviceCertProvisionerDefaultRootCA.crt

NOTE: in the key description add that this can only be used in conjunction with CVP

and generate the appropriate config in STUN and management security (do this in roles/eos_designs/python_modules/overlay

Describe alternatives you have considered

No response

Additional context

No response

Contributing Guide

  • I agree to follow this project's Code of Conduct
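
A sketch of the rendering this request describes, as an added example that is not AVD's implementation. The function name, the `stun_ip` key, naming each server-profile after the route server hostname, and the allowed character set for names are assumptions; it emits one `management security` SSL profile per distinct `dtls_profile` and rejects values that would carry extra CLI lines into the output.

```python
import ipaddress
import re

# Trust anchor file name given in the issue (provisioned by CVP).
CVP_ROOT_CA = "aristaDeviceCertProvisionerDefaultRootCA.crt"
# Assumption: names are held to a conservative character set so an inventory
# value cannot carry whitespace or newlines into the rendered CLI.
_NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def _safe(value, field):
    if not isinstance(value, str) or not _NAME_RE.fullmatch(value):
        raise ValueError(f"invalid {field}: {value!r}")
    return value


def render_stun_client(wan_route_servers):
    """Render STUN client + SSL profile CLI (hypothetical helper, not AVD code)."""
    # `stun_ip` is an assumed key; hostname and dtls_profile are the issue's keys.
    lines = ["stun", "   client"]
    profiles = []  # distinct DTLS profile names, first-seen order
    for rs in wan_route_servers:
        lines.append(f"      server-profile {_safe(rs['hostname'], 'hostname')}")
        lines.append(f"         ip address {ipaddress.ip_address(rs['stun_ip'])}")
        name = rs.get("dtls_profile")
        if name is None:
            continue  # assumption: knob omitted means STUN without DTLS
        lines.append(f"         ssl profile {_safe(name, 'dtls_profile')}")
        if name not in profiles:
            profiles.append(name)
    if profiles:
        lines += ["!", "management security"]
    for name in profiles:
        lines += [
            f"   ssl profile {name}",
            f"      certificate {name}.crt key {name}.key",
            f"      trust certificate {CVP_ROOT_CA}",
        ]
    return "\n".join(lines)


# Constructed sample inventory; addresses and names are illustrative only.
SAMPLE = [
    {"hostname": "rr1", "stun_ip": "1.1.1.1", "dtls_profile": "dtls-stun-client"},
    {"hostname": "rr2", "stun_ip": "1.1.1.2", "dtls_profile": "dtls-stun-client"},
    {"hostname": "rr3", "stun_ip": "1.1.1.3"},
]
```
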