Refactor lmn_vpn role

- Separate `lmn_vpn` from `lmn_teacherlaptop`.
- Implement a check for the availability of the wireguard-server during the wg-config rollout.
- Enhance variable support with a standardized naming schema:
  - VPN selection via `vpn` variable (`none`, `wg`).
  - Wireguard configuration (endpoint, allowed IPs, ip_cdr, dns, searchpath).
- Run wg-config role in separate play with serial 1 to avoid conflicts, when the role attempts
  to determine the next free Wireguard IP on the server when role try to Add a check to verify if the radius certificate is revoked.
- Ensure required packages and services are only installed and configured if the `vpn` variable is set.
- Provide documentation for `lmn_vpn` module.

doc/vpn.md

@@ -0,0 +1,46 @@
+# VPN
+
+Provides VPN access to school network via 
+
+- Wireguard
+
+Which vpn method is used is determined by the variable `vpn`
+
+Choices:
+* `"none"` <- (default)
+* `"wg"`
+
+## Description / use cases
+
+* This module provides a NetworkManager Config with valid wireguard credentials.
+* Private/public keys will be created and configured on wireguard-server.
+* After VPN-connection is established, network shares will be connected and printers will be installed too.
+
+## Requirements
+
+* You need to run a wireguard server. For installation see https://codeberg....
+* The user, running this playbook, must have access to the wireguard-Server via ssh.
+
+## Example
+
+VPN profile will be created on teacher devices
+
+inventory.yml
+```yaml
+infrastructure:
+  hosts:
+    wg_server:
+      ansible_host: 10.0.0.16
+      ansible_user: ansible
+
+teacherdevices:
+  hosts:
+    10.0.14.[1..75]
+  vars:
+    vpn: wg
+    wg_endpoint: "203.0.113.1:51820"
+    wg_allowed_ips: "10.0.0.0/16;"
+    wg_ip_cdr: 24
+    wg_dns: "9.9.9.9"
+    wg_dns_search: "example.com"
+```