easy-tls
Client-connect: High level security could allow TLS-Auth/Crypt keys by configuration
Example:
#key_hwaddr_required=1 could still allow TLS-Auth/Crypt only key access ..
A slightly finer balance with #crypt_v2_required=1
Review this:
* Select the level of hardware-address verification required ?
+----------------------------------------
| TLS-Auth/Crypt and TLS-Crypt-V2 Server
+----------------------------------------
| [0] Low - Allow all keys to connect, hwaddr verification is not enforced.
|
| [1] Default - Do not require clients to push a hwaddr.
|     TLS-Crypt-V2 keys with a hwaddr mismatch will be disconnected.
|     TLS-Crypt-V2 keys without a hwaddr can connect.
|     TLS Auth and Crypt-v1 keys can connect.
|
| [2] Medium - Require all clients to push a hwaddr.
|     TLS-Crypt-V2 keys with a hwaddr mismatch will be disconnected.
|     TLS-Crypt-V2 keys without a hwaddr can connect but must push a hwaddr.
|     TLS Auth and Crypt-v1 keys can connect but must push a hwaddr.
+----------------------------------------
| TLS-Crypt-V2 ONLY Server
+----------------------------------------
| [3] Medium-High - Do not require clients to push a hwaddr.
|     TLS-Crypt-V2 keys without a Hardware-address can connect.
|
| [4] High - Require all clients to push a hwaddr.
|     TLS-Crypt-v2 keys without a hwaddr can connect but must push a hwaddr.
|
| [5] Very High - hwaddr verification is enforced on all clients.
|     TLS-Crypt-V2 key must have a hwaddr and client must push a hwaddr.
Possibly, have a new flag to allow TLS-Auth/Crypt at level 3-5 ?
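
The level menu above, written out as a single decision function. This is an added example, not easy-tls code. The function name, its arguments and the `ALLOW_V1` flag (standing in for the flag proposed in the issue) are hypothetical. Two further points are assumptions: a mismatch is only counted when both the key and the client supply a hwaddr, and with the flag set a TLS-Auth/Crypt key at level 5 only has to push a hwaddr.

```sh
#!/bin/sh
# Added illustration: decision table for hwaddr verification levels 0-5.
# hwaddr_policy LEVEL KEY_TYPE KEY_HWADDR PUSHED_HWADDR [ALLOW_V1]
#   KEY_TYPE:   "v1" (TLS-Auth / TLS-Crypt) or "v2" (TLS-Crypt-V2)
#   KEY_HWADDR / PUSHED_HWADDR: empty string means "none"
#   ALLOW_V1:   hypothetical flag, 1 = admit v1 keys at levels 3-5
# Prints "allow" or "deny: <reason>"; returns 0 on allow, 1 on deny.
hwaddr_policy() {
    level=$1 key_type=$2 key_hw=$3 pushed_hw=$4 allow_v1=${5:-0}

    case $level in
        0) echo "allow"; return 0 ;;          # Low: all keys connect
        [1-5]) ;;
        *) echo "deny: unknown level"; return 1 ;;
    esac
    case $key_type in
        v1|v2) ;;
        *) echo "deny: unknown key type"; return 1 ;;
    esac

    # Levels 3-5 are TLS-Crypt-V2 only unless the proposed flag is set.
    if [ "$key_type" = v1 ] && [ "$level" -ge 3 ] && [ "$allow_v1" != 1 ]; then
        echo "deny: TLS-Auth/Crypt key on TLS-Crypt-V2 only server"; return 1
    fi

    # Levels 2, 4 and 5 require every client to push a hwaddr.
    case $level in
        2|4|5) [ -n "$pushed_hw" ] || { echo "deny: no hwaddr pushed"; return 1; } ;;
    esac

    # Level 5: a TLS-Crypt-V2 key must itself carry a hwaddr.
    if [ "$level" -eq 5 ] && [ "$key_type" = v2 ] && [ -z "$key_hw" ]; then
        echo "deny: key has no hwaddr"; return 1
    fi

    # Mismatch (assumption: only when both sides supplied a value).
    if [ -n "$key_hw" ] && [ -n "$pushed_hw" ] && [ "$key_hw" != "$pushed_hw" ]; then
        echo "deny: hwaddr mismatch"; return 1
    fi

    echo "allow"; return 0
}
```
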