Basic netkey test but now using marking and vti interfaces with routing.

This test sets up a "routed vpn" with a 0.0.0.0/0 <-> 0.0.0.0/0 policy.

Whatever west decides to route into the vti device, is what is getting
encrypted. Note that east uses no marks and encrypts everything back.
(this kind of mismatch is exactly why routed vpns are not recommended)

This test case uses a single mark for input and output. Two separate
marks could be used to separate incoming and outgoing traffic. In
that case, the ip tunnel command uses okey and ikey instead of key.

Because of the asymmetry, it can cause some stray packets hitting the
XFRM without a poicy.