Add private network posture check (#1606)

* wip: Add PrivateNetworkCheck checks interface implementation

* use generic CheckAction constant

* Add private network check to posture checks

* Fix copy function target in posture checks

* Add network check functionality to posture package

* regenerate the openapi specs

* Update Posture Check actions in test file

* Remove unused function

* Refactor network address handling in PrivateNetworkCheck

* Refactor Prefixes to Ranges in private network checks

* Implement private network checks in posture checks handler tests

* Add test for check copy

* Add gorm serializer for network range

management/server/posture/network.go

@@ -0,0 +1,54 @@
+package posture
+
+import (
+	"fmt"
+	"net/netip"
+	"slices"
+
+	nbpeer "github.com/netbirdio/netbird/management/server/peer"
+)
+
+type PrivateNetworkCheck struct {
+	Action string
+	Ranges []netip.Prefix `gorm:"serializer:json"`
+}
+
+var _ Check = (*PrivateNetworkCheck)(nil)
+
+func (p *PrivateNetworkCheck) Check(peer nbpeer.Peer) (bool, error) {
+	if len(peer.Meta.NetworkAddresses) == 0 {
+		return false, fmt.Errorf("peer's does not contain private network addresses")
+	}
+
+	maskedPrefixes := make([]netip.Prefix, 0, len(p.Ranges))
+	for _, prefix := range p.Ranges {
+		maskedPrefixes = append(maskedPrefixes, prefix.Masked())
+	}
+
+	for _, peerNetAddr := range peer.Meta.NetworkAddresses {
+		peerMaskedPrefix := peerNetAddr.NetIP.Masked()
+		if slices.Contains(maskedPrefixes, peerMaskedPrefix) {
+			switch p.Action {
+			case CheckActionDeny:
+				return false, nil
+			case CheckActionAllow:
+				return true, nil
+			default:
+				return false, fmt.Errorf("invalid private network check action: %s", p.Action)
+			}
+		}
+	}
+
+	if p.Action == CheckActionDeny {
+		return true, nil
+	}
+	if p.Action == CheckActionAllow {
+		return false, nil
+	}
+
+	return false, fmt.Errorf("invalid private network check action: %s", p.Action)
+}
+
+func (p *PrivateNetworkCheck) Name() string {
+	return PrivateNetworkCheckName
+}