config: parsing support for multiple Vault clusters in agent config (#18224)

Add the plumbing we need to accept multiple Vault clusters in Nomad agent
configuration, to support upcoming Nomad Enterprise features. The `vault` blocks
are differentiated by a new `name` field, and if the `name` is omitted it
becomes the "default" Vault configuration. All blocks with the same name are
merged together, as with the existing behavior.

Unfortunately we're still using HCL1 for parsing configuration and the `Decode`
method doesn't parse multiple blocks differentiated only by a field name without
a label. So we've had to add an extra parsing pass, similar to what we've done
for HCL1 jobspecs.

For now, all existing consumers will use the "default" Vault configuration, so
there's no user-facing behavior change in this changeset other than the contents
of the agent self API.

Ref: https://github.com/hashicorp/team-nomad/issues/404

command/agent/testdata/extra-vault.hcl

@@ -0,0 +1,25 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+# this unnamed (default) config should merge cleanly onto the basic config
+vault {
+  enabled = true
+  token   = "abracadabra"
+}
+
+# this alternate config should be added as an extra vault config
+vault {
+  name                  = "alternate"
+  address               = "127.0.0.1:9501"
+  allow_unauthenticated = true
+  task_token_ttl        = "5s"
+  enabled               = true
+  token                 = "xyzzy"
+  ca_file               = "/path/to/ca/file"
+  ca_path               = "/path/to/ca"
+  cert_file             = "/path/to/cert/file"
+  key_file              = "/path/to/key/file"
+  tls_server_name       = "barbaz"
+  tls_skip_verify       = true
+  create_from_role      = "test_role2"
+}

command/agent/testdata/sample0.json

@@ -82,6 +82,7 @@
     "verify_server_hostname": true
   },
   "vault": {
+    "name": "default",
     "address": "http://host.example.com:8200",
     "create_from_role": "nomad-cluster",
     "enabled": true