- Split the MANAGE privilege into MANAGE, SETMAC and CREATE_VAP. + MANAGE is everything but setting the MAC and creating a VAP. + SETMAC is setting the MAC address of the VAP. Typically you wouldn't want the jail to be able to modify this. + CREATE_VAP is to create a new VAP. Again, you don't want to be doing this in a jail, but this DOES stop being able to run some corner cases like Dynamic WDS (DWDS) AP in a jail/vnet. We can figure this bit out later.
This allows me to run wpa_supplicant in a jail after transferring
a STA VAP into it. I unfortunately can't currently set the wlan
debugging inside the jail; that would be super useful!
Note that running wpa_supplicant in a jail requires lo0 to be up
and have an IPv4 address otherwise it doesn't get the routing
socket message size - it uses NET_RT_DUMP to do so. That should
be fixed in a later change.