Wireguard support for Mullvad and Windscribe (#565)

- `internal/wireguard` client package with unit tests
- Implementation works with kernel space or user space if unavailable
- `WIREGUARD_PRIVATE_KEY`
- `WIREGUARD_ADDRESS`
- `WIREGUARD_PRESHARED_KEY`
- `WIREGUARD_PORT`
- `internal/netlink` package used by `internal/wireguard`

internal/wireguard/rule.go

@@ -0,0 +1,28 @@
+package wireguard
+
+import (
+	"fmt"
+
+	"github.com/vishvananda/netlink"
+)
+
+func (w *Wireguard) addRule(rulePriority, firewallMark int) (
+	cleanup func() error, err error) {
+	rule := netlink.NewRule()
+	rule.Invert = true
+	rule.Priority = rulePriority
+	rule.Mark = firewallMark
+	rule.Table = firewallMark
+	if err := w.netlink.RuleAdd(rule); err != nil {
+		return nil, fmt.Errorf("%w: when adding rule: %s", err, rule)
+	}
+
+	cleanup = func() error {
+		err := w.netlink.RuleDel(rule)
+		if err != nil {
+			return fmt.Errorf("%w: when deleting rule: %s", err, rule)
+		}
+		return nil
+	}
+	return cleanup, nil
+}