supplicant: enable WPA3 transition mode only when interface supports PMF
We have some reports of APs that advertise WPA2/WPA3 with MFP-required=0/MFP-capable=0, and reject the association when the client doesn't support 802.11w.
According to WPA3_Specification_v3.0 section 2.3, when operating in WPA3-Personal transition mode a STA:
-
should allow AKM suite selector: 00-0F-AC:6 (WPA-PSK-SHA256) to be selected for an association;
-
shall negotiate PMF when associating to an AP using SAE.
The first is guaranteed by capability PMF; the second by checking that the interface supports BIP ciphers suitable for PMF.