Starting from version 8.0, PAN GlobalProtect portal servers are able to send
a priority rule list for each gateway.  Per
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSsCAK,
the gateways can be prioritized by geographic region.

The gateways should then be presented to the user in order of geographic
priority, rather than just in their order of appearance in
policy/gateways/external/list (from the portal config XML).

How does the client know which geographic region it is in?

1. The client itself may have some way to figure out which region it is
   connecting from (e.g. geolocation, not implemented yet for OpenConnect).
2. The client may have an option to explicitly specifiy the desired region
   (not implemented yet in OpenConnect).
3. The *server* tells the client which region it thinks the client is
   connecting from, in the portal *prelogin* response, and the client
   follows that (implemented here).

Fixes: https://gitlab....