Support action-triggered site vpn rule for a specific client

- we can do site vpn on schedules
- we can do site vpns by tags
-


idea:
- add a tag to a client when domain name is looked up or traffic hits the site VPN from a client

- this would allow for moving all of that clients traffic to the site vpn as a result

next:

- let this rule expire after some time if the trigger has not activated