
netconfig: allow configuring input filter rules #91

@stapelberg


Currently, the only nftables rule we configure in the input filter table is the counter rule:

```go
c.AddRule(&nftables.Rule{
	Table: filter,
	Chain: input,
	Exprs: []expr.Any{
		// [ counter name input ]
		&expr.Objref{
			Type: NFT_OBJECT_COUNTER,
			Name: counter.Name,
		},
	},
})
```

For example, for a hidden primary DNS setup, allowing DNS traffic only from the secondary name servers is a good security measure:

```
root# nft add rule ip6 filter input position 7 udp dport 53 ip6 saddr != 2a0a:c980::53 drop
```
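As an added example (not code from this issue or from router7/netconfig): a small script that renders the nft rules behind the one-liner above in a form that scales to several secondaries and also covers DNS over TCP (zone transfers and large answers). The set name `secondaries` and the second address `2001:db8::2` are assumptions constructed for the example; the table and chain names come from the command above.

```shell
#!/bin/sh
# Render nft syntax that limits inbound DNS on a hidden primary to its
# secondary name servers. Added example, not router7 code; the set name
# "secondaries" is an assumption.
#
# render_dns_rules TABLE CHAIN ADDR...
# Instead of one "saddr != <addr>" rule per secondary (and a brittle
# "position N"), all secondaries go into a named set that the rules reference.
render_dns_rules() {
    table=$1
    chain=$2
    shift 2
    elems=$(printf '%s, ' "$@")
    elems=${elems%, }
    printf 'add set ip6 %s secondaries { type ipv6_addr; elements = { %s }; }\n' \
        "$table" "$elems"
    # Cover both transports: AXFR/IXFR and truncated answers fall back to TCP.
    printf 'add rule ip6 %s %s udp dport 53 ip6 saddr != @secondaries drop\n' \
        "$table" "$chain"
    printf 'add rule ip6 %s %s tcp dport 53 ip6 saddr != @secondaries drop\n' \
        "$table" "$chain"
}

# check_ruleset TABLE CHAIN ADDR...
# Dry-run the rendered rules through nft when it is installed; "-c" parses
# and validates without changing the live ruleset.
check_ruleset() {
    if command -v nft >/dev/null 2>&1; then
        render_dns_rules "$@" | nft -c -f -
    else
        echo "nft not installed; skipping syntax check" >&2
    fi
}

# Example invocation with the address from the issue plus a constructed
# documentation-range address for a second secondary.
render_dns_rules filter input 2a0a:c980::53 2001:db8::2
```

Pipe the output into `nft -f -` on the router to apply it, or run `check_ruleset filter input ...` first to validate the syntax.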

Labels: enhancement (New feature or request), good-for-stream