util/syspolicy: implement a syspolicy store that reads settings from environment variables

In this PR, we implement (but do not use yet, pending #13727 review) a syspolicy/source.Store
that reads policy settings from environment variables. It converts a CamelCase setting.Key,
such as AuthKey or ExitNodeID, to a SCREAMING_SNAKE_CASE, TS_-prefixed environment
variable name, such as TS_AUTH_KEY and TS_EXIT_NODE_ID. It then looks up the variable
and attempts to parse it according to the expected value type. If the environment variable
is not set, the policy setting is considered not configured in this store (the syspolicy package
will still read it from other sources). Similarly, if the environment variable has an invalid value
for the setting type, it won't be used (though the reported/logged error will differ).

Updates #13193
Updates #12687

Signed-off-by: Nick Khyl <nickk@tailscale.com>

util/syspolicy/source/policy_store_windows.go

@@ -319,9 +319,9 @@ func (ps *PlatformPolicyStore) ReadStringArray(key setting.Key) ([]string, error
 // If there are no [setting.KeyPathSeparator]s in the key, the policy setting value
 // is meant to be stored directly under {HKLM,HKCU}\Software\Policies\Tailscale.
 func splitSettingKey(key setting.Key) (path, valueName string) {
-	if idx := strings.LastIndex(string(key), setting.KeyPathSeparator); idx != -1 {
-		path = strings.ReplaceAll(string(key[:idx]), setting.KeyPathSeparator, `\`)
-		valueName = string(key[idx+len(setting.KeyPathSeparator):])
+	if idx := strings.LastIndexByte(string(key), setting.KeyPathSeparator); idx != -1 {
+		path = strings.ReplaceAll(string(key[:idx]), string(setting.KeyPathSeparator), `\`)
+		valueName = string(key[idx+1:])
 		return path, valueName
 	}
 	return "", string(key)