Allow data plane configuration at runtime (#2477)

## Changelog

- Updates connlib parameter API_URL (formerly known under different
names as `CONTROL_PLANE_URL`, `PORTAL_URL`, `PORTAL_WS_URL`, and
friends) to be configured as an "advanced" or "hidden" feature at
runtime so that we can test production builds on both staging and
production.
- Makes `AUTH_BASE_URL` configurable at runtime too
- Moves `CONNLIB_LOG_FILTER_STRING` to be configured like this as well
and simplifies its naming
- Fixes a timing attack bug on Android when comparing the `csrf` token
- Adds proper account ID validation to Android to prevent invalid URL
parameter strings from being saved and used
- Cleans up a number of UI / view issues on Android regarding typos,
consistency, etc
- Hides vars from from the `relay` CLI we may not want to expose just
yet
- `get_device_id()` is flawed for connlib components -- SMBios is rarely
available. Data plane components now require a `FIREZONE_ID` now instead
to use for upserting.


Fixes #2482 
Fixes #2471

---------

Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Gabi <gabrielalejandro7@gmail.com>

rust/firezone-cli-utils/src/lib.rs

@@ -24,15 +24,18 @@ where
 /// Arguments common to all Firezone CLI components.
 #[derive(Args, Clone)]
 pub struct CommonArgs {
-    /// Firezone admin portal websocket URL
     #[arg(
         short = 'u',
         long,
-        env = "PORTAL_URL",
+        hide = true,
+        env = "FIREZONE_API_URL",
         default_value = "wss://api.firezone.dev"
     )]
-    pub portal_url: Url,
+    pub api_url: Url,
+    /// Identifier generated by the portal to identify and display the device.
+    #[arg(short = 'i', long, env = "FIREZONE_ID")]
+    pub firezone_id: String,
     /// Token generated by the portal to authorize websocket connection.
-    #[arg(short = 't', long, env = "PORTAL_TOKEN")]
-    pub portal_token: String,
+    #[arg(env = "FIREZONE_TOKEN")]
+    pub token: String,
 }