libnm: change nm_wireguard_peer_set_preshared_key() API to allow validation

This is an API break since 1.16-rc1.

The functions like _nm_utils_wireguard_decode_key() are internal API
and not accessible to a libnm user. Maybe this should be public API,
but for now it is not.

That makes it cumbersome for a client to validate the setting. The client
could only reimplement the validation (bad) or go ahead and set invalid
value.

When setting an invalid value, the user can afterwards detect it via
nm_wireguard_peer_is_valid(), but at that point, it's not clear which
exact property is invalid.

First I wanted to keep the API conservative and not promissing too much.
For example, not promising to do any validation when setting the key.
However, libnm indeed validates the key at the time of setting it
instead of doing lazy validation later. This makes sense, so we can
keep this promise and just expose the validation result to the caller.

Another downside of this is that the API just got more complicated.
But it not provides a validation API, that we previously did not have.

(cherry picked from commit d7bc1750c1)

examples/python/gi/nm-wg-set

@@ -355,11 +355,11 @@ def do_set(nm_client, conn, argv):
             if peer and argv[idx] == 'preshared-key':
                 psk = argv_get_one(argv, idx + 1, None, idx)
                 if psk == '':
-                    peer.set_preshared_key(None)
+                    peer.set_preshared_key(None, True)
                     if peer_secret_flags is not None:
                         peer_secret_flags = NM.SettingSecretFlags.NOT_REQUIRED
                 else:
-                    peer.set_preshared_key(wg_read_private_key(psk))
+                    peer.set_preshared_key(wg_read_private_key(psk), True)
                     if peer_secret_flags is not None:
                         peer_secret_flags = NM.SettingSecretFlags.NONE
                 idx += 2