Motivation for this change

I like to use wireguard to maintain a constant connection to my office and my home network, but I'm frequently physically connected to those networks. Without this patch, starting wireguard would fail for whichever network I was physically connected to, because ip route replace didn't play nicely with the (correct) overlapping local routes.

This patch fixes this by explicitly deleting the routes for the wireguard interface, then re-adding the new ones (in case they have changed). I didn't make an attempt to avoid deleting and re-adding unchanged routes, because I figure people will expect restarting wireguard to entail a short downtime (and this is very short).

I also arbitrarily picked a metric of 10000 to ensure that traffic is directed to the local connection in preference to wireguard, when the local connection is available. I'm sure there's a better way of choosing a metric, but this works 100% reliably for me, and I suspect it will also for most others.

This is the kind of PR that often languishes, so if I don't get any pushback within the next week or so, I'll assume it's good and go ahead and merge.

Things done

• Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
• Built on platform(s)
  • NixOS
  • [N/A] macOS
  • [N/A] other Linux distributions
• [N/A] Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
• [N/A] Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
• [N/A] Tested execution of all binary files (usually in ./result/bin/)
• [N/A] Determined the impact on package closure size (by running nix path-info -S before and after)
• [N/A] Assured whether relevant documentation is up to date
• Fits CONTRIBUTING.md.