Feature request: Option to deny DHCP leases to unknown clients in Kea GUI

[Netlearn]

Hello,

I would like to propose a feature request regarding the Kea DHCP implementation in OPNsense.

Currently, while Kea itself supports configurations where only clients with defined reservations are allowed to receive leases, there is no exposed option in the OPNsense GUI to enforce this behavior (i.e., effectively "deny unknown clients" as in the deprecated ISC).

This request is not based from a security perspective, but thinking of an additional control layer, ensuring that only explicitly defined hosts receive IP addresses.

For example, if I bring a new device to my network and the MAC is not shown, I can connect it and find it before the device could access the internet or even the local network. This allows me to put the relevant rules on it, allowing or denying what the new device can do beforehand. This is my main use case, but I'm sure there is a lot more.

Having an explicit GUI option such as "Allow only clients with reservations" or "Deny unknown DHCP clients" would improve clarity, usability, and feature parity with both legacy ISC DHCP behavior and Kea's native capabilities.

Maybe, this could be implemented as an advanced option, disabled by default, to preserve current behavior and avoid impacting existing deployments.

Not sure how an Issue has to be opened in Github or if this question deserves one, not very familiar with the way it should be done, sorry.