feat(net-scan): align gateway scans with local planning

[irvingouj@Devolutions (irvingoujAtDevolution)]

Summary

Brings gateway-backed network scans closer to local scan parity without the ARP/NDP discovery slice.

• Protocol/query parameters: supports combinable target + range, interface_id source selection, IPv4/IPv6 family validation, oversized-range guard, structured range_outside_selected_interfaces 400, independent report_ping_{start,success,failure} knobs, enable_failure kept as a legacy TCP-only alias, max_ping_concurrency / max_tcp_probe_concurrency, and interface_bind_strict.
• Endpoints: adds /jet/net/interfaces with stable source IDs plus interface metadata and capability flags. Documents /jet/net/scan in OpenAPI. Adds RFC 8594 Deprecation/Sunset/Link headers to the legacy /jet/net/config endpoint.
• Planning/source selection: introduces explicit target/range planning, selected-interface handling, range/interface policy enforcement, source inventory modeling, and interface-aware scan execution.
• Result shape: adds response_format=network_scan_result_v1 while preserving the legacy websocket event format.
• Socket interface bind: supports interface binding for ping/TCP probes across supported platform paths.
• Internal cleanup: replaces positional filter bools with ScanEventFilterConfig, adds named source/link metadata structures, and moves scanner/proto unit tests under src/tests/ modules.

ARP/NDP neighbor discovery, active probing, passive neighbor snapshots, and MAC enrichment were removed from this PR and preserved locally on backup-feat-network-scan-improvement-with-arp-ndp for a follow-up review slice.

Current diff: 34 files changed, +4612/-602.

Test plan

Passed:

• cargo +nightly fmt --all -- --check
• cargo check --workspace --tests
• cargo clippy --workspace --tests -- -D warnings
• cargo test -p network-scanner-proto -p network-scanner-net -p network-scanner --lib
• cargo test -p devolutions-gateway --lib api

Full workspace tests:

• cargo test --workspace currently fails in the existing testsuite integration binary with 19 CLI/integration failures, including gateway heartbeat/AI gateway/Jetsocat/TLS anchoring/traffic audit cases. The failure includes a poisoned LazyLock in testsuite::cli::dgw_tokio_cmd, so this needs separate investigation before claiming full-suite green.

Still to validate separately:

• Linux target check/clippy/test-build.
• macOS target check/clippy/test-build.

[github-actions]

Let maintainers know that an action is required on their side

• Add the label release-required Please cut a new release (Devolutions Gateway, Devolutions Agent, Jetsocat, PowerShell module) when you request a maintainer to cut a new release (Devolutions Gateway, Devolutions Agent, Jetsocat, PowerShell module)

• Add the label release-blocker Follow-up is required before cutting a new release if a follow-up is required before cutting a new release

• Add the label publish-required Please publish libraries (`Devolutions.Gateway.Utils`, OpenAPI clients, etc) when you request a maintainer to publish libraries (Devolutions.Gateway.Utils, OpenAPI clients, etc.)

• Add the label publish-blocker Follow-up is required before publishing libraries if a follow-up is required before publishing libraries