fix: address containerd errata

[jackfrancis]

Reason for Change:

This PR addresses three observed issues w/ the Azure-curated containerd implementation:

• Ensure that we are using the v2 configuration on agent as well as master nodes
• Ensure that we configure iptables for IP forwarding
• Ensure that we configure (via sysctl) the IPv4 stack for IP forwarding

Issue Fixed:

Requirements:

• uses conventional commit messages
• includes documentation
• adds unit tests
• tested upgrade from previous version

Notes:

[codecov]

Codecov Report

Merging #2865 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #2865   +/-   ##
=======================================
  Coverage   72.46%   72.46%           
=======================================
  Files         140      140           
  Lines       25675    25675           
=======================================
  Hits        18606    18606           
  Misses       5993     5993           
  Partials     1076     1076

[cpuguy83]

WDYT if instead of changing the default forwarding policy if we do something like:

-A FORWARD -i azure0 -o azure0 -j ACCEPT
-A FORWARD -i azure0 ! -o azure0 -j ACCEPT

This way we only forward packets for azure0.

[jackfrancis]

Yes, let's do this as a follow-up for both docker and containerd (as far as I can tell this additional targeted hardening is appropriate for any CRI).

[cpuguy83]

LGTM