dns: don't apply DNS configuration for external connections

External connections are devices that are configured outside of
NetworkManager. Such devices should be mostly ignored and not
be interfered with.

Note that we tend to create external connection profiles for
such devices. That happens for example if you use wg-quick to
manage a WireGuard interface outside of NetworkManager. But it
really happens for any interface.

This generated profile has no DNS configuration. Unless we use
the systemd-resolved backend, they thus don't contribute to the DNS
settings (which is fine).

However, with systemd-resolved, NetworkManager would also reset
the DNS configuration of those external interfaces. That is clearly
wrong. NetworkManager should only care about the interfaces that it
actively manages and leave others alone.

How to reproduce: use systemd-resolved and configure an interface outside
of NetworkManager. Note that `nmcli device` shows the state as
"connected (externally)". Note that `resolvectl` shows the DNS configuration
on that external interface. Do something in NetworkManager to trigger
a DNS update (e.g. SIGHUB or reactivate a profile). Note in `resolvectl`
that the external interface's DNS configuration was wiped.

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/563#note_673283
(cherry picked from commit 395665902b)

src/nm-policy.c

@@ -143,6 +143,11 @@ _dns_manager_set_ip_config(NMDnsManager *    dns_manager,
                            NMDnsIPConfigType ip_config_type,
                            NMDevice *        device)
 {
+    if (nm_device_sys_iface_state_is_external(device)) {
+        nm_dns_manager_set_ip_config(dns_manager, ip_config, NM_DNS_IP_CONFIG_TYPE_REMOVED);
+        return;
+    }
+
     if (NM_IN_SET(ip_config_type, NM_DNS_IP_CONFIG_TYPE_DEFAULT, NM_DNS_IP_CONFIG_TYPE_BEST_DEVICE)
         && device
         && nm_device_get_route_metric_default(nm_device_get_device_type(device))