Aleph 446 duplicate nftables rule

[olethanh]

Fix the creation of duplicate nftables rules

Some of our CRN endup with nftables duplicate rules.

Usually there should be less than an hundred total rule for nftables (measured with sudo nft list ruleset|wc -l ) but some server had thousands of rules, those are duplicate and useless and made the network very slow

• This rework the firewall code quite a bit and cleans it
• Move the redirect rule in a new chain aleph-supervisor-prerouting
• Now support multiple base chain for a hook. Which was a problem that made aleph-vm crash on some CRN

Related ClickUp, GitHub or Jira tickets : ALEPH-446

[codecov]

Codecov Report

Attention: Patch coverage is 82.92683% with 28 lines in your changes missing coverage. Please review.

Project coverage is 65.27%. Comparing base (a787875) to head (8ec2efa).
Report is 14 commits behind head on main.

Files with missing lines	Patch %	Lines
src/aleph/vm/network/firewall.py	74.46%	22 Missing and 2 partials ⚠️
src/aleph/vm/models.py	20.00%	3 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #812      +/-   ##
==========================================
+ Coverage   64.65%   65.27%   +0.62%     
==========================================
  Files          84       85       +1     
  Lines        7577     7681     +104     
  Branches      651      664      +13     
==========================================
+ Hits         4899     5014     +115     
+ Misses       2470     2457      -13     
- Partials      208      210       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.