nym-node-setup: plumb HOST_SSH_PORT through tunnel manager, CLI, and env setup #6633

Open
p17o wants to merge 3 commits into nymtech:develop from p17o:fix/network-tunnel-manager-ssh-port

p17o (Contributor) commented Mar 31, 2026

Summary

This PR makes the host management SSH port configurable across the nym-node-setup flow instead of hardcoding port 22 in the tunnel manager.

It also removes host firewall drift in network-tunnel-manager.sh by using shared host firewall port definitions for configuration, status, and test output.

What changed

scripts/nym-node-setup/network-tunnel-manager.sh

  • added support for HOST_SSH_PORT with a default of 22
  • validate HOST_SSH_PORT as an integer in the range 1..65535
  • load values from ENV_FILE (or local env.sh) so the script can consume operator-provided configuration
  • replaced hardcoded host SSH port 22 in host firewall handling
  • centralized managed host firewall TCP/UDP port definitions
  • fixed the existing drift where UDP 4443 was opened during configuration but not shown in status output or checked in test output

scripts/nym-node-setup/nym-node-cli.py

  • added CLI support for --host-ssh-port
  • plumbed HOST_SSH_PORT into the generated env.sh
  • ensured the CLI validates and persists the configured host SSH port alongside the other setup values

scripts/nym-node-setup/setup-env-vars.sh

  • added interactive prompting for HOST_SSH_PORT
  • validate the entered port before writing env.sh
  • include HOST_SSH_PORT in the confirmation summary
  • persist HOST_SSH_PORT in the generated env file

Why

Before this change:

  • the host management SSH port was hardcoded to 22
  • the tunnel manager did not cleanly consume a configured host SSH port from the broader setup flow
  • the managed host firewall ports were defined separately in multiple places
  • UDP 4443 was configured but omitted from status and test output
  • the SSH-related naming was ambiguous

Using HOST_SSH_PORT makes it explicit that this setting controls the host's management SSH port, not any SSH-related traffic that might be relevant to exit-policy handling.

Backwards compatibility

  • default behavior remains unchanged when HOST_SSH_PORT is not set
  • the host management SSH port still defaults to 22
  • existing setup flows continue to work without additional input
  • operators can now override the host SSH port either interactively, via env, or via CLI

Examples

Interactive setup:

./setup-env-vars.sh

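An added sketch, not code from this PR or from network-tunnel-manager.sh, of the two ideas the description names: validating HOST_SSH_PORT as an integer in 1..65535 with a default of 22, and driving configuration and status output from one shared port list so the two cannot drift. The function names and TCP ports 80 and 443 are constructed placeholders, and rules are printed rather than applied to a firewall.

```shell
#!/bin/sh
# Added example; not the PR's code. Only HOST_SSH_PORT, its default of 22,
# the 1..65535 range and UDP 4443 come from the PR description.

# Succeed only for a canonical decimal integer in 1..65535.
validate_port() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;  # empty, sign/space/letter, zero or leading zero
    esac
    # Length check first so oversized input never reaches the integer compare.
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Single source of truth: one "proto port" line per managed host port.
managed_ports() {
    port=${HOST_SSH_PORT:-22}
    if ! validate_port "$port"; then
        echo "invalid HOST_SSH_PORT: '$port' (expected 1..65535)" >&2
        return 1
    fi
    printf 'tcp %s\n' "$port" 80 443   # 80 and 443: constructed placeholders
    printf 'udp %s\n' 4443
}

# Render every managed port with the given printf format (port, proto).
render() {
    list=$(managed_ports) || return 1  # fail closed: no partial rule set
    printf '%s\n' "$list" | while read -r proto p; do
        printf "$1" "$p" "$proto"
    done
}

# Both consumers read the same list, so a port opened by configuration
# is always reported by status. Rules are printed, not applied.
configure_rules() { render 'allow %s/%s\n'; }
status_report()   { render 'check %s/%s\n'; }

configure_rules && status_report
```

Rejecting an invalid value before any rule is emitted matters here because a malformed management port would otherwise produce a rule set that no longer admits the operator's own SSH session.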


p17o (Contributor, Author) commented Mar 31, 2026

@serinko next improvement will be to allow specifying the host ssh interface (e.g. for folks using tailscale). Happy to add to this one, let me know once you're done reviewing

serinko (Contributor) commented Apr 1, 2026

Hey, I went through it quickly and it looks very good. Definitely want to do a proper review, testing and merge it before EOW.

Really appreciate your contribution.
