Phase 5: extended connectivity — WireGuard ext, OpenVPN, Tor exit routing

- ConnectivityManager: per-peer exit routing via iptables fwmark/policy tables
  (wg_ext=0x10/t110, openvpn=0x20/t120, tor=0x30/t130)
- Dedicated PIC_CONNECTIVITY chains (mangle+nat), kill-switch FORWARD DROP
- Config upload with sanitization: strips PostUp/PostDown and OVpn script dirs
- Peer exit_via field added to peer registry (backward-compat, default=default)
- 7 Flask routes at /api/connectivity/*
- Connectivity.jsx: 693-line frontend with exit cards, peer assignment table
- 72 new tests for ConnectivityManager (72 passing)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

webui/src/App.jsx

@@ -44,6 +44,7 @@ import AccountSettings from './pages/AccountSettings';
 import PeerDashboard from './pages/PeerDashboard';
 import MyServices from './pages/MyServices';
 import Store from './pages/Store';
+import Connectivity from './pages/Connectivity';
 import Setup from './pages/Setup';
 import SetupGuard from './components/SetupGuard';
 
@@ -242,6 +243,7 @@ function AppCore() {
     { name: 'Containers', href: '/containers', icon: Package2 },
     { name: 'Store', href: '/store', icon: Package },
     { name: 'Cell Network', href: '/cell-network', icon: Link2 },
+    { name: 'Connectivity', href: '/connectivity', icon: Network },
     { name: 'Logs', href: '/logs', icon: Activity },
     { name: 'Settings', href: '/settings', icon: SettingsIcon },
     { name: 'Account', href: '/account', icon: User },
@@ -348,6 +350,7 @@ function AppCore() {
                       <Route path="/containers" element={<PrivateRoute requireRole="admin"><ContainerDashboard /></PrivateRoute>} />
                       <Route path="/store" element={<PrivateRoute requireRole="admin"><Store /></PrivateRoute>} />
                       <Route path="/cell-network" element={<PrivateRoute requireRole="admin"><CellNetwork /></PrivateRoute>} />
+                      <Route path="/connectivity" element={<PrivateRoute requireRole="admin"><Connectivity /></PrivateRoute>} />
                       <Route path="/logs" element={<PrivateRoute requireRole="admin"><Logs /></PrivateRoute>} />
                       <Route path="/settings" element={<PrivateRoute requireRole="admin"><Settings /></PrivateRoute>} />
                     </Routes>