feat: allow node-to-node tailnet subscriptions

Remove the client-only restriction on coordinate subscribe. Nodes on the
same network can now discover each other for peer-to-peer messaging.
Network scoping is enforced by the runtime credential's NetworkID in
StablePrincipalUUID -- a node cannot subscribe to nodes in other networks.

Author: noeljackson

internal/relay/tailnet.go

@@ -129,13 +129,6 @@ func tailnetCoordinateHandler(cfg RelayConfig, st store.Store, coord *tailnetlib
 				}
 				coord.UpdateNode(peerID, req.Node)
 			case "subscribe":
-				if claims.SubjectKind != networkauth.SubjectKindClient {
-					_ = writeTailnetResponse(ctx, wsConn, peer.TailnetCoordinateResponse{
-						Type:  "error",
-						Error: "only client peers may subscribe",
-					})
-					continue
-				}
 				target := strings.TrimSpace(req.TargetNode)
 				if target == "" {
 					_ = writeTailnetResponse(ctx, wsConn, peer.TailnetCoordinateResponse{