doc: Update iwd.network.5 with changes from wiki

Fix the AlwaysRandomizeAddress setting name.

Add the stricter specification of the extension syntax.

Clarify that GTC and MD5 can't be used as outer EAP methods with wifi.

src/iwd.network.rst

@@ -71,6 +71,25 @@ the group name and a ``]`` character.  Whitespace is allowed before the
 ``[`` and after the ``]``.  A group name consists of printable characters
 other than ``[`` and ``]``.
 
+If a group name starts with the ``@`` sign, that group's content is handled
+by a parser extension instead and does not cause the previous non-extension
+group to end.  The initial ``@`` sign must be followed by a non-empty
+extension name, another ``@`` sign and a group name as defined above. The
+extension name consists of printable characters other than ``@``. No
+whitespace is allowed after the group header in this case.  The extension
+payload syntax and length are determined by the extension name.  Normal
+parsing rules defined in this section resume at the end of the payload and
+any settings after the end of the payload are handled as part of the previous
+non-extension group.
+
+Currently the only extension supported is named pem and allows embedding the
+contents of a single RFC7468 PEM-formatted payload or a sequence of multiple
+PEM payloads.  The payload should start with the ``-----BEGIN`` string on a
+line following the group header line and end with an ``-----END`` line as
+specified in the RFC.  Newline characters before, between and after PEM
+payloads are included in the extension payload.  No other extra characters
+are allowed.
+
 NAMING
 ======
 
@@ -114,15 +133,15 @@ The group ``[Settings]`` contains general settings.
 
        If enabled, the MAC address will be fully randomized on each connection.
        This option is only used if [General].AddressRandomization is set to
-       'network'. See iwd.config. This value should not be used with
+       'network'. See iwd.config. This setting should not be used with
        [Settings].AddressOverride, if both are set AddressOverride will be used.
    * - AddressOverride
      - MAC address string
 
        Override the MAC address used for connecting to this network. This option
        is only used if [General].AddressRandomization is set to 'network'. See
-       iwd.config. This value should not be used with
-       [Settings].FullAddressRandomization, if both are set AddressOverride will
+       iwd.config. This setting should not be used with
+       [Settings].AlwaysRandomizeAddress, if both are set AddressOverride will
        be used.
 
 Network Authentication Settings
@@ -153,7 +172,12 @@ authentication configuration.
    * - EAP-Method
      - one of the following methods:
 
-       AKA, AKA', GTC, MD5, MSCHAPV2, PEAP, PWD, SIM, TLS, TTLS
+       AKA, AKA', MSCHAPV2, PEAP, PWD, SIM, TLS, TTLS.
+
+       The following additional methods are allowed as TTLS/PEAP inner
+       methods:
+
+       GTC, MD5.
    * - EAP-Identity
      - string
 
@@ -248,7 +272,7 @@ authentication configuration.
        provided.
 
 Network Configuration Settings
--------------------------------
+------------------------------
 
 The group ``[IPv4]`` contains settings for Internet Protocol version 4 (IPv4)
 network configuration with the static addresses.
@@ -343,7 +367,7 @@ directly. This allows IEEE 802.1x network provisioning using a single file
 without any references to certificates or keys on the system.
 
 An embedded PEM can appear anywhere in the settings file using the following
-format (this example the PEM is named 'my_ca_cert'):
+format (in this example the PEM is named 'my_ca_cert'):
 
 .. code-block::
 
@@ -352,7 +376,7 @@ format (this example the PEM is named 'my_ca_cert'):
   <PEM data>
   ----- END CERTIFICATE -----
 
-After this special group tag its as simple as pasting in a PEM file including
+After this special group tag it's as simple as pasting in a PEM file including
 the BEGIN/END tags. Now 'my_ca_cert' can be used to reference the certificate
 elsewhere in the settings file by prefixing the value with 'embed:'