ipn/ipnlocal,util/syspolicy,docs/windows/policy: implement the ReconnectAfter policy setting

In this PR, we update the LocalBackend so that when the ReconnectAfter policy setting is configured
and a user disconnects Tailscale by setting WantRunning to false in the profile prefs, the LocalBackend
will now start a timer to set WantRunning back to true once the ReconnectAfter timer expires.

We also update the ADMX/ADML policy definitions to allow configuring this policy setting for Windows
via Group Policy and Intune.

Updates #14824

Signed-off-by: Nick Khyl <nickk@tailscale.com>

util/syspolicy/policy_keys.go

@@ -42,6 +42,12 @@ const (
 	// for auditing purposes. It has no effect when [AlwaysOn] is false.
 	AlwaysOnOverrideWithReason Key = "AlwaysOn.OverrideWithReason"
 
+	// ReconnectAfter is a string value formatted for use with time.ParseDuration()
+	// that defines the duration after which the client should automatically reconnect
+	// to the Tailscale network following a user-initiated disconnect.
+	// An empty string or a zero duration disables automatic reconnection.
+	ReconnectAfter Key = "ReconnectAfter"
+
 	// ExitNodeID is the exit node's node id. default ""; if blank, no exit node is forced.
 	// Exit node ID takes precedence over exit node IP.
 	// To find the node ID, go to /api.md#device.
@@ -176,6 +182,7 @@ var implicitDefinitions = []*setting.Definition{
 	setting.NewDefinition(LogTarget, setting.DeviceSetting, setting.StringValue),
 	setting.NewDefinition(MachineCertificateSubject, setting.DeviceSetting, setting.StringValue),
 	setting.NewDefinition(PostureChecking, setting.DeviceSetting, setting.PreferenceOptionValue),
+	setting.NewDefinition(ReconnectAfter, setting.DeviceSetting, setting.DurationValue),
 	setting.NewDefinition(Tailnet, setting.DeviceSetting, setting.StringValue),
 
 	// User policy settings (can be configured on a user- or device-basis):