cmd/vet: add subtestnames analyzer; fix all existing violations

Add a new vet analyzer that checks t.Run subtest names don't contain
characters requiring quoting when re-running via "go test -run". This
enforces the style guide rule: don't use spaces or punctuation in
subtest names.

The analyzer flags:
- Direct t.Run calls with string literal names containing spaces,
  regex metacharacters, quotes, or other problematic characters
- Table-driven t.Run(tt.name, ...) calls where tt ranges over a
  slice/map literal with bad name field values

Also fix all 978 existing violations across 81 test files, replacing
spaces with hyphens and shortening long sentence-like names to concise
hyphenated forms.

Updates #19242

Change-Id: Ib0ad96a111bd8e764582d1d4902fe2599454ab65
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

cmd/containerboot/kube_test.go

@@ -31,7 +31,7 @@ func TestSetupKube(t *testing.T) {
 		kc      *kubeClient
 	}{
 		{
-			name: "TS_AUTHKEY set, state Secret exists",
+			name: "authkey-set-secret-exists",
 			cfg: &settings{
 				AuthKey:    "foo",
 				KubeSecret: "foo",
@@ -50,7 +50,7 @@ func TestSetupKube(t *testing.T) {
 			},
 		},
 		{
-			name: "TS_AUTHKEY set, state Secret does not exist, we have permissions to create it",
+			name: "authkey-set-secret-missing-can-create",
 			cfg: &settings{
 				AuthKey:    "foo",
 				KubeSecret: "foo",
@@ -69,7 +69,7 @@ func TestSetupKube(t *testing.T) {
 			},
 		},
 		{
-			name: "TS_AUTHKEY set, state Secret does not exist, we do not have permissions to create it",
+			name: "authkey-set-secret-missing-cannot-create",
 			cfg: &settings{
 				AuthKey:    "foo",
 				KubeSecret: "foo",
@@ -89,7 +89,7 @@ func TestSetupKube(t *testing.T) {
 			wantErr: true,
 		},
 		{
-			name: "TS_AUTHKEY set, we encounter a non-404 error when trying to retrieve the state Secret",
+			name: "authkey-set-get-secret-non-404-error",
 			cfg: &settings{
 				AuthKey:    "foo",
 				KubeSecret: "foo",
@@ -109,7 +109,7 @@ func TestSetupKube(t *testing.T) {
 			wantErr: true,
 		},
 		{
-			name: "TS_AUTHKEY set, we encounter a non-404 error when trying to check Secret permissions",
+			name: "authkey-set-check-perms-error",
 			cfg: &settings{
 				AuthKey:    "foo",
 				KubeSecret: "foo",
@@ -127,7 +127,7 @@ func TestSetupKube(t *testing.T) {
 		},
 		{
 			// Interactive login using URL in Pod logs
-			name: "TS_AUTHKEY not set, state Secret does not exist, we have permissions to create it",
+			name: "no-authkey-secret-missing-can-create",
 			cfg: &settings{
 				KubeSecret: "foo",
 			},
@@ -145,7 +145,7 @@ func TestSetupKube(t *testing.T) {
 		},
 		{
 			// Interactive login using URL in Pod logs
-			name: "TS_AUTHKEY not set, state Secret exists, but does not contain auth key",
+			name: "no-authkey-secret-exists-no-key",
 			cfg: &settings{
 				KubeSecret: "foo",
 			},
@@ -162,7 +162,7 @@ func TestSetupKube(t *testing.T) {
 			}},
 		},
 		{
-			name: "TS_AUTHKEY not set, state Secret contains auth key, we do not have RBAC to patch it",
+			name: "no-authkey-secret-has-key-cannot-patch",
 			cfg: &settings{
 				KubeSecret: "foo",
 			},
@@ -180,7 +180,7 @@ func TestSetupKube(t *testing.T) {
 			wantErr: true,
 		},
 		{
-			name: "TS_AUTHKEY not set, state Secret contains auth key, we have RBAC to patch it",
+			name: "no-authkey-secret-has-key-can-patch",
 			cfg: &settings{
 				KubeSecret: "foo",
 			},

cmd/containerboot/settings.go

@@ -89,24 +89,24 @@ type settings struct {
 
 func configFromEnv() (*settings, error) {
 	cfg := &settings{
-		AuthKey:                               defaultEnvs([]string{"TS_AUTHKEY", "TS_AUTH_KEY"}, ""),
-		ClientID:                              defaultEnv("TS_CLIENT_ID", ""),
-		ClientSecret:                          defaultEnv("TS_CLIENT_SECRET", ""),
-		IDToken:                               defaultEnv("TS_ID_TOKEN", ""),
-		Audience:                              defaultEnv("TS_AUDIENCE", ""),
-		Hostname:                              defaultEnv("TS_HOSTNAME", ""),
-		Routes:                                defaultEnvStringPointer("TS_ROUTES"),
-		ServeConfigPath:                       defaultEnv("TS_SERVE_CONFIG", ""),
-		ProxyTargetIP:                         defaultEnv("TS_DEST_IP", ""),
-		ProxyTargetDNSName:                    defaultEnv("TS_EXPERIMENTAL_DEST_DNS_NAME", ""),
-		TailnetTargetIP:                       defaultEnv("TS_TAILNET_TARGET_IP", ""),
-		TailnetTargetFQDN:                     defaultEnv("TS_TAILNET_TARGET_FQDN", ""),
-		DaemonExtraArgs:                       defaultEnv("TS_TAILSCALED_EXTRA_ARGS", ""),
-		ExtraArgs:                             defaultEnv("TS_EXTRA_ARGS", ""),
-		InKubernetes:                          os.Getenv("KUBERNETES_SERVICE_HOST") != "",
-		UserspaceMode:                         defaultBool("TS_USERSPACE", true),
-		StateDir:                              defaultEnv("TS_STATE_DIR", ""),
-		AcceptDNS:                             defaultEnvBoolPointer("TS_ACCEPT_DNS"),
+		AuthKey:            defaultEnvs([]string{"TS_AUTHKEY", "TS_AUTH_KEY"}, ""),
+		ClientID:           defaultEnv("TS_CLIENT_ID", ""),
+		ClientSecret:       defaultEnv("TS_CLIENT_SECRET", ""),
+		IDToken:            defaultEnv("TS_ID_TOKEN", ""),
+		Audience:           defaultEnv("TS_AUDIENCE", ""),
+		Hostname:           defaultEnv("TS_HOSTNAME", ""),
+		Routes:             defaultEnvStringPointer("TS_ROUTES"),
+		ServeConfigPath:    defaultEnv("TS_SERVE_CONFIG", ""),
+		ProxyTargetIP:      defaultEnv("TS_DEST_IP", ""),
+		ProxyTargetDNSName: defaultEnv("TS_EXPERIMENTAL_DEST_DNS_NAME", ""),
+		TailnetTargetIP:    defaultEnv("TS_TAILNET_TARGET_IP", ""),
+		TailnetTargetFQDN:  defaultEnv("TS_TAILNET_TARGET_FQDN", ""),
+		DaemonExtraArgs:    defaultEnv("TS_TAILSCALED_EXTRA_ARGS", ""),
+		ExtraArgs:          defaultEnv("TS_EXTRA_ARGS", ""),
+		InKubernetes:       os.Getenv("KUBERNETES_SERVICE_HOST") != "",
+		UserspaceMode:      defaultBool("TS_USERSPACE", true),
+		StateDir:           defaultEnv("TS_STATE_DIR", ""),
+		AcceptDNS:          defaultEnvBoolPointer("TS_ACCEPT_DNS"),
 		KubeSecret: func() string {
 			if os.Getenv("KUBERNETES_SERVICE_HOST") != "" {
 				return defaultEnv("TS_KUBE_SECRET", "tailscale")