Added BraveVPN Windows service for setting DNS filters

[spylogsster]

Resolves brave/brave-browser#25489

Sec review and video in https://github.com/brave/security/issues/1029

• Added a windows service to setup/remove DNS filters via WFP api when VPN connected/disconnected. The service is installed and registered with mini_installer when user has elevated permissions.
• Crash reports from the service are expected to be inside %channel%\User Data\Crashpad\reports
• Added runtime fallback to override DoH if the helper service is not installed or failed to start more than 3 times.
• Disconnects brave vpn connection if unable to set filters
• The service stops 10 seconds after disconnecting the vpn entrypoint, if during this time the vpn is reconnected, the service will not stop and will continue to work and set filters.
• Installed filters can be viewable by netsh wfp show filters
• Updated dialog text for DoH fallback:

Helper's crash reports:

Submitter Checklist:

• I confirm that no security/privacy review is needed, or that I have requested one
• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally: npm run test -- brave_browser_tests, npm run test -- brave_unit_tests, npm run lint, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)

Reviewer Checklist:

• A security review is not needed, or a link to one is included in the PR description
• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Custom-Headers
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

• in issue

[spylogsster]

and please check brave_vpn_helper.exe is signed.

[bsclifton]

This is great! 😄👍

I can help get the final text updated before we ship

[cdesouza-chromium]

This line is default initialising exit_code_watcher to nullptr. However, a few lines down we check for the validity of exit_code_watcher, which will always return false, so it won't ever call exit_code_watcher->StopWatching();.

Do we need this browser_watcher::ExitCodeWatcher instance here?