
Keep the live tunnel PSK in sync in modify_peer() / update_peer() #124

Open
lurenjia534 wants to merge 2 commits into mullvad:main from lurenjia534:main

Contributor

@lurenjia534 lurenjia534 commented Apr 16, 2026

Summary

Device::modify_peer() and Device::update_peer() updated the stored peer PSK, but left the live tunnel / handshake state unchanged.

That allowed the configured PSK and the runtime PSK to diverge, and could leave sessions / in-flight handshake state derived from the previous PSK usable after a PSK change.

Fix

This patch makes PSK updates affect the live tunnel immediately:

  • call set_preshared_key() on the live tunnel when a peer's configured PSK changes
  • add Tunn::set_preshared_key() to:
    • update the handshake PSK
    • drop existing sessions
    • clear timer-driven state so the next packet starts a fresh exchange
  • add Handshake::set_preshared_key() to:
    • update the stored handshake PSK
    • discard in-flight handshake state (state, previous, last_rtt)

Why this approach

Changing the PSK is not just a config update; it invalidates crypto state derived from the previous PSK.

The library peer-update APIs are expected to affect subsequent handshakes, not only the values returned by configuration / inspection APIs. Updating the live tunnel in place keeps that behavior local to the affected crypto state and avoids rebuilding the whole peer object.

Scope

This change is limited to the library peer-update path.

The UAPI Set path already removes and recreates peers, so its behavior is unchanged.

Tests

This PR adds regression coverage for the affected paths:

  • modify_peer_updates_live_preshared_key
  • update_peer_updates_live_preshared_key
  • set_preshared_key_invalidates_existing_sessions

The new tests verify that:

  • changing the PSK through modify_peer() or update_peer() affects the live handshake state
  • previously established sessions do not survive a PSK change
  • the next exchange starts from a fresh handshake under the new PSK


@hulthe hulthe self-requested a review May 13, 2026 08:06
@hulthe hulthe self-assigned this May 13, 2026
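
The invariant the description above relies on, as an added sketch that is not code from this pull request or the project: a peer whose stored PSK is updated alone keeps a live tunnel keyed under the old PSK, while the synced update leaves no state derived from it. `LiveTunnel`, `Peer`, `update_config_only` and `update_synced` are hypothetical names, the `set_preshared_key` body is a stand-in for the behaviour listed under "Fix", and the keys are constructed sample values.

```rust
// Added illustration: simplified model with hypothetical types, not the project's code.
type Psk = [u8; 32];

struct LiveTunnel {
    handshake_psk: Psk,        // PSK the next handshake will use
    handshake_in_flight: bool, // stands in for state / previous / last_rtt
    sessions: Vec<u32>,        // sessions established under handshake_psk
    timers_armed: bool,        // stands in for timer-driven state
}

impl LiveTunnel {
    // Models the listed fix: swap the PSK and drop everything derived from the old one.
    fn set_preshared_key(&mut self, psk: Psk) {
        self.handshake_psk = psk;
        self.handshake_in_flight = false;
        self.sessions.clear();
        self.timers_armed = false;
    }
    fn has_old_state(&self) -> bool {
        self.handshake_in_flight || !self.sessions.is_empty() || self.timers_armed
    }
}

struct Peer { configured_psk: Psk, tunnel: LiveTunnel }

impl Peer {
    // A peer with one established session and a handshake in flight.
    fn established(psk: Psk) -> Peer {
        Peer { configured_psk: psk, tunnel: LiveTunnel {
            handshake_psk: psk, handshake_in_flight: true,
            sessions: vec![7], timers_armed: true } }
    }
    // Behaviour described under "Summary": only the stored value changes.
    fn update_config_only(&mut self, psk: Psk) { self.configured_psk = psk; }
    // Behaviour described under "Fix": a changed PSK is pushed to the live tunnel.
    fn update_synced(&mut self, psk: Psk) {
        if self.configured_psk != psk {
            self.configured_psk = psk;
            self.tunnel.set_preshared_key(psk);
        }
    }
    fn in_sync(&self) -> bool { self.configured_psk == self.tunnel.handshake_psk }
}

fn main() {
    let (old, new) = ([1u8; 32], [2u8; 32]); // constructed sample keys
    let (mut before, mut after) = (Peer::established(old), Peer::established(old));
    before.update_config_only(new);
    after.update_synced(new);
    println!("config only: in_sync={} old_state={}", before.in_sync(), before.tunnel.has_old_state());
    println!("synced:      in_sync={} old_state={}", after.in_sync(), after.tunnel.has_old_state());
}
```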