wpa_supplicant(8) control socket enabled by default

[Roy Marples <roy%marples.name@localhost>]

Moving this discussion onto tech-net.

Summary - I added a default configuration for wpa_supplicant which 
enabled the control socket. With this enabled wpa_supplicant will 
default the group owner to the group owner of the top level directory 
where it resides which is normally wheel. To clarify this, I set the 
socket group to wheel in the default config as well.

This will only affect new installations as existing setups already have 
their own wpa_supplicant.conf(5) and wheel defaults to no members and 
whose only purpose before now was to allow su to root.

Maya pointed out this relaxed the default privs from what we used to 
ship and a conversation then ensued.
https://mail-index.netbsd.org/source-changes-d/2019/01/12/msg010932.html

mrg was the only out right dissenter of this change:
https://mail-index.netbsd.org/source-changes-d/2019/01/13/msg010941.html

Greg suggested a wpa_supplicant group:
https://mail-index.netbsd.org/source-changes-d/2019/01/13/msg010937.html

Although Robert was against this idea:
https://mail-index.netbsd.org/source-changes-d/2019/01/14/msg010943.html

Jason suggested that using ttyaction(5) could chown the the socket as a 
hackish alternative.
https://mail-index.netbsd.org/source-changes-d/2019/01/14/msg010948.html

The overall feedback was generally positive, but I would like to guage a 
wider audience, hence now posting this here as the original conversation 
on source-changes-d has now stalled.

Here are the options as I see them:
1) Keep things as they are now
2) Change the default group
3) Turn off the socket
4) Add config option to explicity set socket mode
6) Change the socket mode to revoke group access and use ttyaction

The last option would also need to introduce a new configuration option 
upstream.

Roy