T8454: fix VRF-blind port availability check in service_https

[statio]

Change summary

When service https is configured with a listen-address on a VRF interface, adding or changing the vrf option causes the commit to fail with "TCP port 443 is used by another service!" even though no conflict exists.

Root cause: check_port_availability() performs a socket.bind() in the default network namespace. When the listen-address belongs to a VRF interface the address is unreachable from the default namespace, so the bind fails with OSError which is misinterpreted as "port in use". The secondary check via is_listen_port_bind_service() also fails because psutil cannot see sockets bound inside a VRF.

Fix: add an optional vrf parameter to check_port_availability(). When set, the socket bind test is executed inside the VRF namespace via ip vrf exec, so that VRF interface addresses are reachable and the port availability result is correct.

service_https verify() now passes the configured VRF (if any) to check_port_availability(). Non-VRF configurations are unaffected.

Add smoke test for HTTPS with listen-address inside a VRF.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Code style update (formatting, renaming)
• Refactoring (no functional changes)
• Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
• Other (please describe):

Related Task(s)

• https://vyos.dev/T8454

Related PR(s)

How to test / Smoketest result

Added test_listen_address_vrf to test_service_https.py. The test:

1. Creates VRF mgmt with a dummy interface and address
2. Configures service https with listen-address and vrf pointing to the VRF
3. Commits (previously failed with "TCP port 443 is used by another service!")
4. Verifies nginx is running inside the VRF namespace

$ /usr/libexec/vyos/tests/smoke/cli/test_service_https.py TestHTTPSService.test_listen_address_vrf

Testing done directly in current-rolling release router build. Zero errors.

Checklist:

• I have read the CONTRIBUTING document
• I have linked this PR to one or more Phabricator Task(s)
• I have run the components SMOKETESTS if applicable
• My commit headlines contain a valid Task id
• My change requires a change to the documentation
• I have updated the documentation accordingly

[github-actions]

All contributors have signed the CLA ✍️ ✅
_{Posted by the CLA Assistant Lite bot.}

[github-actions]

👍
No issues in PR Title / Commit Title

[statio]

I have read the CLA Document and I hereby sign the CLA

[sever-sever]

Why did you change quotes in several places?
Some changes are not related to this PR

[github-actions]

CI integration 👍 passed!

Details

CI logs

• CLI Smoketests 👍 passed
• CLI Smoketests (interfaces only) 👍 passed
• Config tests 👍 passed
• RAID1 tests 👍 passed
• CLI Smoketests VPP 👍 passed
• Config tests VPP 👍 passed
• TPM tests 👍 passed