[PATCH wireguard-tools] wg-quick: android: add support for {Pre, Post}{Up, Down} hooks

[Claire]

> Wondering, what commands do you want to run?

PostUp = wg set CelesteWAN fwmark 0

X problem:
I have a Raspberry Pi at home, and I want to have an encrypted link 
between it and client devices. When I'm at home (i.e. connected to 
the Pi's LAN), I want the clients to connect directly to the Pi with 
its LAN IP address. When I'm away from home, I want them to connect 
through a remote server that has access to the Pi.

Y problem:
I cannot do port forwarding on my home internet connection because of 
CGNAT (hence, I cannot have the clients use the Pi's public IP 
address). My cursed idea is to nest Wireguard over Wireguard when not 
on LAN, so the connection would be "Phone -> Server -> Pi". This works 
fine on my laptop, but unfortunately not on my phone (pings to the Pi 
result in no response).

However, when I manually run `wg set CelesteWAN fwmark 0` after the 
tunnel is already set up, the connection works. I have made a patch to 
allow setting FwMark in the config, but it doesn't work when testing. 
Perhaps the `iptables -m mark ...` rules are interfering. I want to 
try only setting the `fwmark` for the interface, but I feel like it's 
too niche to upstream, so I wanted to add generic command execution.

If there's a less cursed way to make Wireguard over Wireguard work, or 
even not having to do WoW, I'd appreciate it.

Sincerely,
Claire Elaina