Perform CIDR validation in localapi instead of cmd/tailscale

### What is the issue?

The control plane requires that CIDRs for subnet routes use the network address (no host bits set). This requirement is enforced by the logic in cmd, but not by the localapi. 

If you send the localapi an invalid CIDR such as 192.168.1.1/24, it will happily accept it and send it on to the control plane, which then creates errors there.

The localapi should enforce these requirements so that the check is completed no matter how the updated route is sent.

Refs:

Check in cmd:
https://github.com/tailscale/tailscale/blob/e4847fa77bf669570d2b4242e402ffb8af8f80ac/cmd/tailscale/cli/set.go#L300

Discord thread related to the resulting admin panel error:
https://discord.com/channels/1379528469859532931/1450887790425407578/1450887790425407578

### Steps to reproduce

_No response_

### Are there any recent changes that introduced the issue?

_No response_

### OS

_No response_

### OS version

_No response_

### Tailscale version

_No response_

### Other software

_No response_

### Bug report

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Perform CIDR validation in localapi instead of cmd/tailscale #18243

What is the issue?

Steps to reproduce

Are there any recent changes that introduced the issue?

OS

OS version

Tailscale version

Other software

Bug report

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Perform CIDR validation in localapi instead of cmd/tailscale #18243

Description

What is the issue?

Steps to reproduce

Are there any recent changes that introduced the issue?

OS

OS version

Tailscale version

Other software

Bug report

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions