Add cloud-router configuration templates and scripts

- Introduced debian templates for cloud-router configuration parameters.
- Added simple-ca.sh script for managing a minimal Certificate Authority (CA) for IKEv2 PKI.
- Created sysctl configuration to enable IP forwarding and adjust rp_filter settings.
- Implemented configure script to render configuration files using Jinja2 templates.
- Added simple-ca script for generating CA and certificates.
- Created Jinja2 templates for various configuration files including netplan, strongSwan, and WireGuard.
- Implemented UFW rules setup for IPsec and WireGuard.
- Added support for road-warrior and site-to-site VPN configurations.

debian/control

@@ -0,0 +1,29 @@
+Source: cloud-router
+Section: net
+Priority: optional
+Maintainer: Sławomir Koszewski <slawek@koszewscy.waw.pl>
+Build-Depends: debhelper-compat (= 14)
+Standards-Version: 4.6.2
+Rules-Requires-Root: no
+
+Package: cloud-router
+Architecture: all
+Depends: ${misc:Depends},
+         strongswan-swanctl,
+         charon-systemd,
+         libstrongswan-extra-plugins,
+         libcharon-extra-plugins,
+         wireguard-tools,
+         ufw,
+         debconf,
+         openssl,
+         python3-jinja2
+Description: Linux cloud router with IPSec and optional WireGuard
+ Configures a Linux host as a cloud router providing site-to-site IKEv2
+ IPSec (strongSwan swanctl) and road-warrior P2S VPN (EAP-TLS). WireGuard
+ is optionally enabled. Includes a PKI helper library (simple-ca.sh) for
+ managing the road-warrior certificate authority.
+ .
+ Site-specific values are collected via debconf at install time and written
+ to /etc/default/cloud-router. A one-shot systemd service (cloud-router-setup)
+ applies UFW rules and WireGuard keys on first boot.