gluon-mesh-vpn-core: add gluon-wan exec wrapper

gluon-wan is a sudo-like exec wrapper that switches the process group to
gluon-mesh-vpn, making it use the WAN dnsmasq rather than resolving over
the mesh.

Note that this only affects DNS at the moment. Processes running under
gluon-wan will still use the regular mesh IPv6 routing table, and not the
WAN routing table. This is not a problem for IPv4, as there is only one
IPv4 routing table.

Fixes #1575

package/gluon-mesh-vpn-core/luasrc/usr/bin/gluon-wan

@@ -0,0 +1,32 @@
+#!/usr/bin/lua
+
+local GROUP = 'gluon-mesh-vpn'
+
+local grp = require 'posix.grp'
+local unistd = require 'posix.unistd'
+
+if #arg < 1 then
+	io.stderr:write('Usage: gluon-wan <command> ...\n')
+	os.exit(1)
+end
+
+local g = grp.getgrnam(GROUP)
+if not g then
+	io.stderr:write(string.format("gluon-wan: unable to find group '%s'\n", GROUP))
+	os.exit(1)
+end
+
+local ok, err = unistd.setpid('g', g.gr_gid)
+if ok ~= 0 then
+	io.stderr:write(string.format("gluon-wan: unable to change to group: %s\n", err))
+	os.exit(1)
+end
+
+arg[0] = arg[1]
+table.remove(arg, 1)
+print(arg[0], unpack(arg))
+
+ok, err = unistd.execp(arg[0], arg)
+
+io.stderr:write(string.format("gluon-wan: exec failed: %s\n", err))
+os.exit(1)