Summary

Improve commit-confirm so that, if the operator fails to run confirm before the timer expires, the router performs an *in-place* rollback to the previous configuration (same behaviour as rollback-soft) instead of rebooting.

Use case

Network staff routinely rely on commit-confirm when applying potentially disruptive changes over remote links.
Today, forgetting to confirm triggers an automatic reboot, which interrupts data-plane forwarding for several minutes while the platform restarts.

A soft rollback would restore the last known-good configuration much faster, keep kernel state alive, and reduce the outage time.

Additional information

• The core mechanism already exists: rollback-soft, added in late 2024 (https://vyos.dev/T5249), swaps the candidate and running configs without rebooting. Re-using that code path inside commit-confirm should be straightforward.
• No new CLI nodes are required. The default behaviour of commit-confirm simply becomes “soft revert”. An optional reboot switch could preserve the legacy workflow for corner cases.
• Aligns VyOS with other NOS vendors (e.g., Juniper) that already employ non-disruptive rollbacks.
• No evident drawbacks: if the configuration was stable prior to the attempted change, re-applying it in-memory is inherently safe and avoids the delay of a full reboot.