better support for running multiple separate brokers #85

Merged: 2 commits, Sep 17, 2024

Contributor

@tpetr tpetr commented Sep 12, 2024

This PR lays the foundation for cleanly supporting multiple broker replicas for an organization. The current problems are:

  1. Running identical replicas causes the brokers to fight between one another for who "owns" the peer connection. It's possible that requests can fail during some of the ownership transition periods.
  2. Running multiple replicas with different peer addresses but identical keypairs doesn't work -- WireGuard expects each keypair to be unique
  3. Running multiple replicas with same peer address but different keypairs would work, but they'd still fight over which peer connection is which

The solution we're going with is to concatenate multiple keys together into one mega key, and then use a new config field (inbound.wireguard.brokerIndex in config or --broker-index on the command line) to select which offset key and peer address to connect with. Benefit here is that it means a) minimal config changes and b) is backwards compatible with old brokers. Only thing we'll need to keep in mind is that folks will have to use our key generation comments -- wg genkey / wg pubkey won't work for multiple brokers.

Tl;dr:

  1. Update genkey command to generate multiple keys concatenated together (default 3)
  2. Update pubkey command to properly handle multiple private keys concatenated together
  3. Update inbound proxy to select appropriate private key and local address depending on broker index value

There are some companion changes that need to be done in the broker gateway, but as long as nobody is using the broker index setting yet, everything should work.

@tpetr tpetr requested a review from zyannes September 12, 2024 21:23
zyannes previously approved these changes Sep 13, 2024
cmd/pubkey.go (outdated, resolved)
@tpetr tpetr merged commit 66150c5 into develop Sep 17, 2024
4 checks passed
@tpetr tpetr deleted the tom/index branch September 17, 2024 17:11
tpetr added a commit that referenced this pull request Oct 7, 2024
tpetr added a commit that referenced this pull request Oct 7, 2024