pfSense

Password management changes. Part of issue #15266

• Add function to determine if a given password is valid for use.
• Revise the self-service password change page to be more user-friendly
  and to handle password validation.
• Leave room for Plus to utilize additional restrictions.

Ensure RO user cannot trigger QinQ operations. Fixes #15318

Ensure RO user cannot trigger VLAN operations. Fixes #15282

While here, fix a problem that prevented a VLAN delete operation that
failed from displaying errors.

More PHP error handling changes. Fixes #15263

• Clean up outdated code/comments
• Change how error messages are formed in different contexts
• Allow warnings to be handled if debugging is enabled
• Fix diag_command.php parsing/handling of error detection and output

Use correct option when removing groups. Fix #15067

While there, add comments for clarity.

Suppress Kea status info w/sample confs. Fixes #14953

Don't add overflow scroll to static navigation menu. Fix #7943

Restores old behavior to the static navigation menu.

Improve input validation for Captive Portal MAC masks

Now rejects decimal masks and masks of size 0.

Support blocking MAC addresses with a mask. Implement #15257

The Captive Portal allows for blocking specific MAC addresses without
using pf rules so a message can be displayed to the client. With this
change, masks can be used to block partial addresses.

Fix some SFP module info fields. Fixes #15112

Text format changed slightly in ifconfig, so regex patterns had to be
changed to match