framework: add openvpn to native vpn services

This requires a modified mtpd (so it knows how to start openvpn and
run as root, so must drop privs for pppd).

The change causes mtpd to start openvpn and create a management socket
(in /dev/sockets) which is then used to control the interaction.  To
save space on typing, a lot of options (like ifconfig and routes) are
expected to be pushed from the server.

Also updated keystore to allow AID_ROOT to get certificates (because
openvpn will be running as root until the VPN connection is
established and it can drop privileges).

Signed-off-by: James Bottomley <James.Bottomley@suse.de>