Template:Security-group and mask shared settings

The items are as follows:
 * mask: list of masks that would result in a match, like
 * ip: list of IP addresses that would result in a match, eg  or using CIDR notation.
 * identified: if set to yes, then if the user is identified to Services then it is considered a match.
 * webirc: if set to yes, then if the user comes from a WEBIRC gateway then it is considered a match.
 * websocket: if set to yes, then if the user uses WebSockets then it is considered a match.
 * tls: if set to yes, then if the user is using a SSL/TLS connection then it is considered a match.
 * reputation-score: if set to a value, like, then if the user has a reputation score of this value or higher , it is considered a match. You can also use   to say match on a score of below 10.
 * connect-time: if set to a time value, like  (seconds) or   (5 minutes), then if the user has been connected for longer than this time, it is considered a match. You can also use a value like   to say less than 5 minutes.
 * security-group: this is a match if any of the security groups in this list match.
 * account: list of account name(s) that would result in a match, eg:
 * country: list of country codes that would result in a match, eg:
 * realname: list of realnames (gecos) that would result in a match, eg:
 * certfp: list of certificate fingerprints (sha256) that would result in a match, eg:
 * Other Extended server bans (from 3rd party modules too) can expose more values

Matching rules:
 * Any items set to no mean the check will be skipped (ignored).
 * Any items set to yes that are true mean the result is a match. Only 1 item that is set to yes needs to match! (But.. see next..)
 * If any of the exclude- items match then the final result is NOT a match, even if other things matched.