feat(zerotier): add ZeroTier network governance module

Add comprehensive ZeroTier integration for managing network access:

- Portal networks: manager-created ZeroTier network bindings
- Device registration: user-owned ZeroTier node endpoints
- Approval workflows: request/approve/revoke network access
- Activation sessions: time-limited network authorization
- Kill switch: emergency access revocation
- Reconciliation job: sync portal state with ZeroTier controller

Includes ZeroTier client SDK supporting both Central and self-hosted
controller APIs, with full CRUD operations for networks and members.

config/base.py

@@ -129,6 +129,20 @@ class BaseConfig:
     # Frontend URL (for OAuth callback redirects)
     FRONTEND_URL = os.getenv("FRONTEND_URL", "http://localhost:8080")
 
+    # ZeroTier Configuration
+    ZEROTIER_API_TOKEN = os.getenv("ZEROTIER_API_TOKEN", "")
+    ZEROTIER_API_URL = os.getenv(
+        "ZEROTIER_API_URL",
+        "http://localhost:9993",
+    )
+    ZEROTIER_API_MODE = os.getenv("ZEROTIER_API_MODE", "controller").lower()
+    ZEROTIER_DEFAULT_ACTIVATION_LIFETIME_MINUTES = int(
+        os.getenv("ZEROTIER_DEFAULT_ACTIVATION_LIFETIME_MINUTES", "480")
+    )
+    ZEROTIER_RECONCILIATION_INTERVAL_SECONDS = int(
+        os.getenv("ZEROTIER_RECONCILIATION_INTERVAL_SECONDS", "120")
+    )
+
     # Email / SMTP
     EMAIL_ENABLED = os.getenv("EMAIL_ENABLED", "False").lower() == "true"
     SMTP_HOST = os.getenv("SMTP_HOST", "smtp.gmail.com")