WireGuard: Improve config error handling; Prevent panic in case of errors during server initialization

[IlyaGulya]

This pull request:

1. Properly wraps config building errors with context-rich error messages
2. Adds validation for empty WireGuard keys with clear error messages
3. Implements proper resource cleanup in WireGuard TUN device with a sync.Once to prevent double-close issues leading to panic
4. Adds test case to verify WireGuard server initialization handles errors gracefully without panicking

Overall, this leads to much better user experience in case of misconfiguration

[Fangliding]

1 应该使用项目内部的errors包
2 旧的代码在什么使用情况下会导致崩溃?

[IlyaGulya]

1. Ok, I will fix
2. For example, here I forgot to nest the protocol-specific settings in settings field, this will lead to secretKey being empty and this will lead to panic.

{
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": "50120",
      "tag": "wg",
      "protocol": "wireguard",
      "secretKey": "SOMEKEY",
      "peers": [
        {
          "publicKey": "SOMEKEY"
        }
      ]
    }
  ]
}```

[Fangliding]

这在infra/conf部分处理就行了 我的意思是后面tun.go的部分

[IlyaGulya]

Fixed to use internal errors package.
Regarding the tun.go fix. My example was only about the wrong secretKey, but I suppose that any IPC error during the initialization would lead to the panic.
I suppose there's a better way to handle it, like fixing the double close, but this was just the simpliest fix I've come up with

[RPRX]

看了下代码，就是加了详细的配置错误说明，Close() 内加了个 sync.Once 类似 quic-go/quic-go#4798 ，加了个 test，可以合并

WireGuard 这部分代码不是很重要，属于是谁愿意改谁改，改出 bug 的话再修，反正不是很重要

[RPRX]

我都改了标题 GitHub 还背刺？写 release notes 时还得手动加 first contribution，烦死了我草