5fb6cba4de
Tests subnet allocation (gap-filling, duplicate rejection), global server key sharing, peer isolation across tenant subnets, allowed-IPs overlap validation, RouterOS command generation, and CASCADE cleanup on tenant deletion. sync_wireguard_config is patched to a no-op since it opens its own DB session outside the test transaction. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>