This adds nested policy validation, which lets you specify the nested attribute type, e.g. NLA_NESTED with sub-policy, or the new NLA_NESTED_ARRAY with sub-sub-policy.
Changes in v2: * move setting the bad attr pointer/message into validate_nla() * remove the recursion patch since that's no longer needed * simply skip the generic bad attr pointer/message setting in case of nested nla_validate() failing since that could fail only due to validate_nla() failing inside, which already sets the extack information Changes in v3: * fix NLA_REJECT to have an error message if none is in policy johannes