Improve IPsec status visibility for multi-network tunnels #1430

@cotosso

Brief description

When an IPsec tunnel includes multiple networks on the same side (e.g., two or more subnets for the remote site), the UI currently displays only a global connection state (connected / disconnected).
However, it is possible for one Security Association (SA) to be active while another is not. The UI does not show this granularity.

Why / Purpose

Administrators need to understand the actual operational state of each SA within a multi-network tunnel.
Without visibility on individual SA states, troubleshooting becomes harder, false positives appear (tunnel shown as “connected” even if one SA is down), and administrators must rely on CLI checks instead of the UI.

Proposed solution

  • Display per-SA status for each local/remote subnet pair.
    Example: a table or expandable panel listing each SA with its state (up / down).

  • Provide actions applicable to individual SAs.

SA-specific actions (examples)

A well-received enhancement would be to offer SA-level actions directly from the UI. Examples include:

  • Restart SA: restart only the affected SA without touching others.

  • Force rekey: initiate key renegotiation for the selected SA.

  • Flush SA: remove the SA from the kernel to force a fresh negotiation.

These actions help identify and fix partial failures more quickly.
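
A sketch of the per-SA view requested above, added here as an illustration and not taken from the issue or the project's code. It assumes one SA per local/remote subnet pair; the record fields (`local_ts`, `remote_ts`, `state`) and the "partial" tunnel state are hypothetical, and the sample data is constructed.

```python
import ipaddress

def _norm(cidr):
    # Normalize so "10.10.0.5/24" and "10.10.0.0/24" compare equal.
    return str(ipaddress.ip_network(cidr.strip(), strict=False))

def per_sa_status(local_subnets, remote_subnets, reported_sas):
    """One row per configured local/remote pair, marked up or down."""
    up_pairs = {
        (_norm(sa["local_ts"]), _norm(sa["remote_ts"]))
        for sa in reported_sas
        if sa.get("state") == "up"
    }
    rows = []
    for local in local_subnets:
        for remote in remote_subnets:
            pair = (_norm(local), _norm(remote))
            state = "up" if pair in up_pairs else "down"
            rows.append({"local": pair[0], "remote": pair[1], "state": state})
    return rows

def tunnel_state(rows):
    """Aggregate state that does not hide a partially failed tunnel."""
    n_up = sum(1 for row in rows if row["state"] == "up")
    if n_up == 0:
        return "disconnected"
    return "connected" if n_up == len(rows) else "partial"

def global_state(rows):
    """The single indicator described in the issue: any SA up means connected."""
    return "connected" if any(r["state"] == "up" for r in rows) else "disconnected"

# Constructed sample: one local subnet, two remote subnets, one SA missing.
LOCAL = ["192.168.1.0/24"]
REMOTE = ["10.10.0.0/24", "10.20.0.0/24"]
REPORTED = [
    {"local_ts": "192.168.1.0/24", "remote_ts": "10.10.0.0/24", "state": "up"},
]

if __name__ == "__main__":
    rows = per_sa_status(LOCAL, REMOTE, REPORTED)
    for row in rows:
        print(f'{row["local"]} <-> {row["remote"]}: {row["state"]}')
    print("global indicator:", global_state(rows))
    print("per-SA aggregate:", tunnel_state(rows))
```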

Projects

Status

In Progress 🛠
