Fix for fwmark

Evidently, wireguard's (use of) fwmark is not well understood. In short,
it determines which routing table to use for a tunnel's packets.

Adding a fwmark to a roadwarrior client config won't do anything to the
actual packets sent to a peer: Packets do not get marked.

A QR code with `FwMark = ...` in it is invalid.

FwMark is now excluded from client configs (but is written to the
server config /etc/wireguard/wgX.conf).

Potential breaking change of `WGUI_FORWARD_MARK` to `WGUI_FIREWALL_MARK`

But this has the effect of making users eventually notice that it
probably does not do what they want/think.

See:
https://ro-che.info/articles/2021-02-27-linux-routing

https://casavant.org/2020/10/10/wireguard-fwmark.html

https://www.blinkenlights.ch/ccms/posts/source-based-routing/
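As an added illustration of the rule the commit message states (example code, not code from this project or this commit): a small Go renderer that writes `FwMark` into the server-side `[Interface]` section only and never into a road-warrior client config. The `Interface` type, its field names and the sample key/address values are assumptions made for the example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Interface holds the [Interface] fields this example cares about. The type
// and field names are assumptions for illustration, not the project's types.
type Interface struct {
	PrivateKey string
	Address    string
	ListenPort int
	FwMark     string // e.g. "0xca6c" (51820 decimal); only meaningful on the server
}

// ParseFwMark accepts the hex or decimal spelling wg-quick allows and returns
// the numeric mark, rejecting empty, zero or malformed values.
func ParseFwMark(s string) (uint32, error) {
	v, err := strconv.ParseUint(strings.TrimSpace(s), 0, 32)
	if err != nil || v == 0 {
		return 0, fmt.Errorf("invalid FwMark %q", s)
	}
	return uint32(v), nil
}

// RenderInterface renders an [Interface] section. FwMark is emitted only for
// the server: it selects the routing table for the tunnel's own packets on the
// host running WireGuard and does nothing for a client's traffic.
func RenderInterface(i Interface, server bool) (string, error) {
	var b strings.Builder
	fmt.Fprintf(&b, "[Interface]\nPrivateKey = %s\nAddress = %s\n", i.PrivateKey, i.Address)
	if i.ListenPort > 0 {
		fmt.Fprintf(&b, "ListenPort = %d\n", i.ListenPort)
	}
	if server && i.FwMark != "" {
		if _, err := ParseFwMark(i.FwMark); err != nil {
			return "", err
		}
		fmt.Fprintf(&b, "FwMark = %s\n", i.FwMark)
	}
	return b.String(), nil
}

func main() {
	// Constructed sample values, not a real key.
	srv := Interface{PrivateKey: "SERVER_PRIVATE_KEY", Address: "10.8.0.1/24", ListenPort: 51820, FwMark: "0xca6c"}
	out, _ := RenderInterface(srv, true)
	fmt.Print(out)
}
```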
This commit is contained in:
Paul 2022-12-21 00:46:59 +00:00
parent aadf099f50
commit 101b5564c2
7 changed files with 17 additions and 37 deletions


@ -29,7 +29,7 @@ const (
DefaultDNS = "1.1.1.1"
DefaultMTU = 1450
DefaultPersistentKeepalive = 15
DefaultForwardMark = "0xca6c"
DefaultFirewallMark = "0xca6c" // i.e. 51820
DefaultConfigFilePath = "/etc/wireguard/wg0.conf"
UsernameEnvVar = "WGUI_USERNAME"
PasswordEnvVar = "WGUI_PASSWORD"
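Review bot: the trailing comment `// i.e. 51820` on the `DefaultFirewallMark` line states the decimal value of `0xca6c` but not why that number matters, so a reader cannot tell whether it is a coincidence or the reason the default was chosen; suggest spelling it out, e.g. `// 0xca6c == 51820 decimal, chosen to match the default listen port`, or dropping the aside if no such relationship is intended. The rename from `DefaultForwardMark` is also a breaking change for any package that imports this constant, which the commit message already acknowledges for the environment variable but not for the Go identifier.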
@ -39,7 +39,7 @@ const (
DNSEnvVar = "WGUI_DNS"
MTUEnvVar = "WGUI_MTU"
PersistentKeepaliveEnvVar = "WGUI_PERSISTENT_KEEPALIVE"
ForwardMarkEnvVar = "WGUI_FORWARD_MARK"
FirewallMarkEnvVar = "WGUI_FIREWALL_MARK"
ConfigFilePathEnvVar = "WGUI_CONFIG_FILE_PATH"
ServerAddressesEnvVar = "WGUI_SERVER_INTERFACE_ADDRESSES"
ServerListenPortEnvVar = "WGUI_SERVER_LISTEN_PORT"
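Review bot: renaming the environment variable from `WGUI_FORWARD_MARK` to `WGUI_FIREWALL_MARK` means an existing deployment that still sets the old name will silently fall back to `DefaultFirewallMark` with no indication that its setting was ignored; suggest reading both names for at least one release, logging a deprecation warning when `WGUI_FORWARD_MARK` is set, and recording the rename wherever the environment variables are documented.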