[client] Fix Rosenpass permissive mode handling

[pappz]

Describe your changes

Between two agents, if both have enabled Rosenpass but only one side is set to permissive mode, the WireGuard handshake never occurs.

Figure out the proper preshared key setting for WrieGuard after the connection, based on the offer-answer signaling messages.

Issue ticket number and link

Stack

Checklist

• Is it a bug fix
• Is a typo/documentation fix
• Is a feature enhancement
• It is a refactor
• Created tests that fail without the change (if possible)
• Extended the README / documentation, if necessary

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[Copilot]

Pull Request Overview

This PR fixes the Rosenpass preshared key handling to enable successful WireGuard handshakes when one side is in permissive mode. Key changes include:

• Updating field accesses from RosenpassPubKey/RosenpassAddr to RosenpassConfig.PubKey/RosenpassConfig.Addr.
• Modifying the preshared key computation logic to account for permissive mode.
• Revising peer configuration in the Engine to use the new RosenpassConfig struct.

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File	Description
client/internal/peer/handshaker.go	Updated offer/answer messages to use RosenpassConfig fields.
client/internal/peer/conn_test.go	Added tests for various Rosenpass permissive/enabled scenarios.
client/internal/peer/conn.go	Modified connection configuration and preshared key logic.
client/internal/engine.go	Updated peer connection creation to use RosenpassConfig.

Comments suppressed due to low confidence (1)

client/internal/peer/conn.go:815

• [nitpick] Consider renaming function 'rosenpassDetermKey' to 'rosenpassDetermineKey' for improved clarity.

func (conn *Conn) rosenpassDetermKey() (*wgtypes.Key, error) {