Conversation

@abh1sar
Collaborator

@abh1sar abh1sar commented Dec 4, 2025

Description

This PR introduces several configuration settings using which an operator can mark certain cryptographic algorithms and parameters as excluded or obsolete for VPN Customer Gateway creation for Site-to-Site VPN.

Cloud providers following modern security frameworks (e.g., ISO 27001/27017) are required to enforce and communicate approved cryptographic standards. CloudStack currently accepts several weak or deprecated algorithms without guidance to users. This PR closes that gap by giving operators explicit control over what is disallowed vs discouraged, improving security posture without breaking existing deployments.

These settings are:

1. vpn.customer.gateway.excluded.encryption.algorithms
2. vpn.customer.gateway.excluded.hashing.algorithms
3. vpn.customer.gateway.excluded.ike.versions
4. vpn.customer.gateway.excluded.dh.group
5. vpn.customer.gateway.obsolete.encryption.algorithms
6. vpn.customer.gateway.obsolete.hashing.algorithms
7. vpn.customer.gateway.obsolete.ike.versions
8. vpn.customer.gateway.obsolete.dh.group

Details:

  1. Excluded parameters are not shown to the users in the Create and Update VPN Customer Gateway forms.
  2. Obsolete parameters are shown with a warning.
  3. If a VPN gateway is already using an excluded or obsolete parameter:
    a. A warning icon is displayed next to its name with a message to change the obsolete parameter.
    b. The Update VPN gateway form shows the setting with a warning to change it.
  4. The listVpnCustomerGateways API returns two new fields, containsobsoleteparameters and containsexcludedparameters, which tell whether an existing gateway contains obsolete or excluded parameters.
  5. A new field in the listCapabilities API response contains the list of excluded and obsolete VPN customer gateway parameters, only if set.

Documentation PR : apache/cloudstack-documentation#605

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • Build/CI
  • Test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

[Three screenshots attached, dated 2025-12-01, showing the VPN customer gateway forms and warnings]

How Has This Been Tested?

How did you try to break this feature and the system with this change?
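The classification the description above sets out (excluded values hidden from the form, obsolete values shown with a warning, and the two boolean fields reported for an existing gateway) can be modelled in a few dozen lines. The following is an added example written for this page, not CloudStack's own implementation: it assumes the eight settings hold comma-separated value lists, that a gateway's IKE and ESP policies use an "encryption-hash;dhgroup" string in the style of CloudStack's policy strings, and the concrete algorithm and IKE-version names in POLICY_CONFIG and the sample gateways are constructed for illustration.

```python
"""Model of 'excluded' vs 'obsolete' VPN customer gateway parameters.

Added example, not CloudStack code. Assumes comma-separated setting values and
an 'enc-hash;dhgroup' policy string format; all concrete values are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed operator configuration, keyed by the setting names from the PR.
# Assumption: each value is a comma-separated list (format not stated in the PR).
POLICY_CONFIG = {
    "vpn.customer.gateway.excluded.encryption.algorithms": "des,3des",
    "vpn.customer.gateway.excluded.hashing.algorithms": "md5",
    "vpn.customer.gateway.excluded.ike.versions": "ikev1",
    "vpn.customer.gateway.excluded.dh.group": "modp1024",
    "vpn.customer.gateway.obsolete.encryption.algorithms": "aes128",
    "vpn.customer.gateway.obsolete.hashing.algorithms": "sha1",
    "vpn.customer.gateway.obsolete.ike.versions": "",
    "vpn.customer.gateway.obsolete.dh.group": "modp1536",
}

# Category label -> setting-name suffix.
CATEGORIES = {
    "encryption": "encryption.algorithms",
    "hashing": "hashing.algorithms",
    "ike": "ike.versions",
    "dh": "dh.group",
}


def parse_list(raw: str) -> set[str]:
    """Split a comma-separated setting value into a lower-cased set."""
    return {item.strip().lower() for item in raw.split(",") if item.strip()}


@dataclass
class Policy:
    excluded: dict[str, set[str]]
    obsolete: dict[str, set[str]]

    @classmethod
    def from_config(cls, cfg: dict[str, str]) -> "Policy":
        prefix = "vpn.customer.gateway"
        excluded = {c: parse_list(cfg.get(f"{prefix}.excluded.{k}", "")) for c, k in CATEGORIES.items()}
        obsolete = {c: parse_list(cfg.get(f"{prefix}.obsolete.{k}", "")) for c, k in CATEGORIES.items()}
        return cls(excluded, obsolete)


def parse_policy(policy: str) -> dict[str, str | None]:
    """'aes128-sha1;modp1536' -> encryption, hashing and (optional) DH group."""
    algos, _, dh = policy.partition(";")
    enc, _, hsh = algos.partition("-")
    return {"encryption": enc.lower(), "hashing": hsh.lower(), "dh": dh.lower() or None}


@dataclass
class Gateway:
    name: str
    ike_policy: str
    esp_policy: str
    ike_version: str


def assess(gateway: Gateway, policy: Policy) -> dict:
    """Mirror the two listVpnCustomerGateways fields and list the offending values."""
    params = [("ike", gateway.ike_version.lower())]
    for pol in (gateway.ike_policy, gateway.esp_policy):
        params += [(cat, val) for cat, val in parse_policy(pol).items() if val]
    excluded = sorted({f"{cat}={val}" for cat, val in params if val in policy.excluded[cat]})
    obsolete = sorted({f"{cat}={val}" for cat, val in params if val in policy.obsolete[cat]})
    return {
        "containsexcludedparameters": bool(excluded),
        "containsobsoleteparameters": bool(obsolete),
        "excluded": excluded,
        "obsolete": obsolete,
    }


def form_options(candidates: list[str], category: str, policy: Policy) -> list[tuple[str, str | None]]:
    """Form behaviour: drop excluded values, tag obsolete ones with a warning marker."""
    return [
        (v, "warning" if v.lower() in policy.obsolete[category] else None)
        for v in candidates
        if v.lower() not in policy.excluded[category]
    ]


if __name__ == "__main__":
    pol = Policy.from_config(POLICY_CONFIG)
    # Constructed sample gateways.
    for gw in (
        Gateway("legacy-dc", "3des-md5;modp1024", "aes128-sha1", "ikev1"),
        Gateway("modern-dc", "aes256-sha256;modp2048", "aes256-sha256", "ikev2"),
    ):
        print(gw.name, assess(gw, pol))
    print(form_options(["des", "3des", "aes128", "aes256"], "encryption", pol))
```

Keeping "excluded" and "obsolete" as separate sets is what lets the same check drive three behaviours: hiding values in the create form, warning on values that are still allowed, and flagging existing gateways without breaking them.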

@codecov

codecov bot commented Dec 4, 2025

Codecov Report

❌ Patch coverage is 58.33333% with 60 lines in your changes missing coverage. Please review.
✅ Project coverage is 16.23%. Comparing base (d26122b) to head (714b5b1).
⚠️ Report is 7 commits behind head on 4.20.

Files with missing lines                                      Patch %   Lines
...in/java/com/cloud/server/ManagementServerImpl.java         0.00%     32 Missing ⚠️
...com/cloud/network/vpn/Site2SiteVpnManagerImpl.java        85.71%    10 Missing and 4 partials ⚠️
...api/response/Site2SiteCustomerGatewayResponse.java         0.00%     6 Missing ⚠️
...k/api/command/user/config/ListCapabilitiesCmd.java         0.00%     3 Missing ⚠️
.../cloudstack/api/response/CapabilitiesResponse.java         0.00%     3 Missing ⚠️
...src/main/java/com/cloud/api/ApiResponseHelper.java         0.00%     2 Missing ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##               4.20   #12193      +/-   ##
============================================
+ Coverage     16.18%   16.23%   +0.04%     
- Complexity    13305    13368      +63     
============================================
  Files          5657     5659       +2     
  Lines        498459   498719     +260     
  Branches      60492    60552      +60     
============================================
+ Hits          80694    80982     +288     
+ Misses       408783   408726      -57     
- Partials       8982     9011      +29     
Flag Coverage Δ
uitests 3.99% <ø> (-0.02%) ⬇️
unittests 17.09% <58.33%> (+0.05%) ⬆️

Flags with carried forward coverage won't be shown.

@abh1sar
Collaborator Author

abh1sar commented Dec 4, 2025

@blueorangutan package

@blueorangutan

@abh1sar a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 15920

@abh1sar abh1sar added this to the 4.20.3 milestone Dec 4, 2025