magicsock: reconnect to home DERP on key change

Typically the home DERP server is found and set on startup before
magicsock's SetPrivateKey can be called, so no DERP connection is
established. Make sure one is by kicking the home DERP tires in
SetPrivateKey.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>

wgengine/magicsock/magicsock.go

@@ -1024,13 +1024,13 @@ func (c *Conn) SetPrivateKey(privateKey wgcfg.PrivateKey) error {
 		return nil
 	}
 	c.privateKey = newKey
-	if oldKey.IsZero() {
-		// Initial configuration on start.
-		return nil
-	}
 
-	// Key changed. Close any DERP connections.
+	// Key changed. Close existing DERP connections and reconnect to home.
+	myDerp := c.myDerp
+	c.myDerp = 0
+	c.logf("magicsock private key set, rebooting connection to home DERP %d", myDerp)
 	c.closeAllDerpLocked()
+	go c.setNearestDERP(myDerp)
 
 	return nil
 }