feat: First version of broker based WireGuard PSK interface

This allows us to run with minimal priviledges in the Rosenpass process itself

util/src/fd.rs

@@ -0,0 +1,12 @@
+use std::os::fd::{OwnedFd, RawFd};
+
+/// Clone some file descriptor
+///
+/// If the file descriptor is invalid, an error will be raised.
+pub fn claim_fd(fd: RawFd) -> anyhow::Result<OwnedFd> {
+    use rustix::{fd::BorrowedFd, io::dup};
+
+    // This is safe since [dup] will simply raise
+    let fd = unsafe { dup(BorrowedFd::borrow_raw(fd))? };
+    Ok(fd)
+}