Warn in docs(?) about (not) starting openvpn from the tty #2

wdoekes opened this issue Mar 1, 2024 · 0 comments
wdoekes commented Mar 1, 2024

If you start openvpn from a tty, the password might only be asked on the tty directly, and not end up in /run/systemd/ask-password.

    /* If systemd is not available, use the default built-in mechanism */
    if (!check_systemd_running())
    {
        return query_user_exec_builtin();
    }

    /* Loop through the complete query setup and when needed, collect the information */
    for (i = 0; i < QUERY_USER_NUMSLOTS && query_user[i].response != NULL; i++)
    {
        if (!get_console_input_systemd(query_user[i].prompt, query_user[i].echo,
                                       query_user[i].response, query_user[i].response_len) )

If openvpn detects systemd (at all), it will call `/bin/systemd-ask-password --echo --icon network-vpn "Enter Auth Username:"` -- but this may end up on the command line directly, instead of in `/run/systemd/ask-password`.

If you call it from the command line, there is a tty, and the question appears in the tty only. So we either need `--no-tty` in `/bin/systemd-ask-password [--no-tty] --echo --icon network-vpn "Enter Auth Username:"` or we should spawn openvpn from `systemd [--user]`, or we should explicitly hide the tty. Like this:

Example, no tty:

    $ sudo openvpn acme.conf </dev/null
    ...
    $ ls /run/systemd/ask-password -l
    total 4
    -rw-r--r-- 1 root root 172 feb  6 10:36 ask.u5qBKC
    srw------- 1 root root   0 feb  6 10:36 sck.4b4b3768d708fe55

Only if there is something in /run/systemd/ask-password can openvpn-u2f-ask-password handle anything.
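
A way to check whether a prompt actually reached the agent directory, as an added example that is not part of the original issue or of openvpn-u2f-ask-password: it parses the `ask.*` files, which systemd's password agent interface writes as INI files with an `[Ask]` section. The function name, the `answerable` key and the sample file contents are constructed for illustration.

```python
import configparser
import tempfile
from pathlib import Path

ASK_DIR = Path("/run/systemd/ask-password")

# Constructed sample of an ask.* file (not captured from a real system).
SAMPLE_ASK = """[Ask]
PID=4242
Socket={sock}
AcceptCached=0
Echo=1
NotAfter=0
Icon=network-vpn
Message=Enter Auth Username:
"""


def pending_requests(ask_dir=ASK_DIR):
    """Return one dict per ask.* file that has an [Ask] section."""
    ask_dir = Path(ask_dir)
    if not ask_dir.is_dir():
        return []  # no systemd runtime dir: nothing an agent could see
    found = []
    for path in sorted(ask_dir.glob("ask.*")):
        parser = configparser.ConfigParser(interpolation=None)
        parser.optionxform = str  # keep key case (PID, Socket, Message)
        try:
            parser.read_string(path.read_text())
        except (OSError, ValueError, configparser.Error):
            continue  # request vanished or file is half-written
        if parser.has_section("Ask"):
            req = dict(parser["Ask"])
            req["file"] = path.name
            sock = req.get("Socket")
            # An agent can only answer while the reply socket still exists.
            req["answerable"] = bool(sock) and Path(sock).exists()
            found.append(req)
    return found


if __name__ == "__main__":
    # Demo against a temporary directory so it runs without systemd.
    with tempfile.TemporaryDirectory() as tmp:
        sock = Path(tmp, "sck.demo")
        sock.touch()  # stand-in for the real AF_UNIX socket
        Path(tmp, "ask.demo").write_text(SAMPLE_ASK.format(sock=sock))
        for req in pending_requests(tmp):
            print(req["file"], req["PID"], req["Message"], req["answerable"])
```

An empty result from `pending_requests()` while openvpn is waiting for credentials means the prompt did not reach `/run/systemd/ask-password`.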
