Add the `mqtt.max_connections` configuration key, which sets a
node-wide limit on the number of concurrent MQTT connections.

The limit is checked in `rabbit_mqtt_processor:process_connect/5`
as the first step in the CONNECT packet handler, before
authentication. When exceeded, the broker returns a CONNACK with
reason code `quota_exceeded` (MQTT 5) or return code
`not_authorized` (MQTT 3.x/4).

The active connection count is obtained via
`ets:info(persistent_term:get(?PG_SCOPE), size)`. The MQTT plugin
creates a node-local PG scope in `rabbit_mqtt_sup`; each connection
joins it via `pg:join/3` in `register_client_id/4`, using
`{VHost, ClientId}` as the group key. Since the MQTT spec requires
unique client IDs per vhost, which RabbitMQ enforces, each group
has exactly one member. The PG scope ETS table therefore has one
row per active connection node-wide, covering all listeners and
transports (plain TCP, TLS, and Web MQTT). `ets:info/2` reads this
count in O(1) - important given that MQTT nodes can host a very
large number of connections.

The check runs before `register_client_id/4`, so the current
connection is not yet counted; the limit comparison is `>= Limit`.

When `mqtt.max_connections` is absent, `application:get_env/3`
returns `infinity` and no check is performed.

A `node_connection_limit` test is added to the `limit` group in
`auth_SUITE`.

(cherry picked from commit 9c1683a)

(cherry picked from commit eff88a3)

`rabbit_mqtt_keepalive:handle/2` returns `{error, _}` when
`inet:getstat/2` fails on an already-closed socket (typically
`einval`). Route these through `network_error/2` so the pending
`{tcp_closed, Socket}` message handles teardown cleanly, instead
of crashing the reader which in turn makes
the test fail.

(cherry picked from commit ee8fedd)