cmd/tailscaled: default --encrypt-state to true if TPM is available (#17376)

Whenever running on a platform that has a TPM (and tailscaled can access
it), default to encrypting the state. The user can still explicitly set
this flag to disable encryption.

Updates https://github.com/tailscale/corp/issues/32909

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>

feature/tpm/tpm_test.go

@@ -277,15 +277,6 @@ func TestMigrateStateToTPM(t *testing.T) {
 	}
 }
 
-func tpmSupported() bool {
-	tpm, err := open()
-	if err != nil {
-		return false
-	}
-	tpm.Close()
-	return true
-}
-
 type mockTPMSealProvider struct {
 	path string
 	data map[ipn.StateKey][]byte