This relates to #293

After discussing with the firewall team, it seems like automated
inserting of individual firewall rules isn't a great idea; the rules are
applied immediately as changes are made, and since these rules are
applied in order, with the first matching rule being acted on, it's easy
to accidentally set up an insecure configuration.  To make matters
worse, there is no good way to identify a single rule from the response;
labels are not required and don't have to be unique, and no other
reasonable choice for an identifier is present.  As such, automated
systems that manage firewall rules should, for that reason, regenerate
the entire ruleset for each update; for applications that want to modify
the existing rules, they should follow a fetch-update-publish model.

This PR is an attempt at the latter for the CLI; a plugin that allows
interactive editing of firewall rules.  This is by no means perfect -
there are still several TODOs in the code, and it could generally be
cleaner - but it should serve as an example of what we might want.o

The interface looks this like:

```
Firewall: example       Status: enabled
Inbound Policy: DROP      Outbound Policy: DROP

Inbound Rules:
 ind | label | protocol | action | ports | addresses
-----+-------+----------+--------+-------+-------------------
 0   |       | TCP      | ACCEPT | 80    | 192.168.12.34/32
 1   |       | TCP      | ACCEPT |       | 12.34.56.0/24

Outbound Rules:
 ind | label | protocol | action | ports | addresses
-----+-------+----------+--------+-------+---------------
 2   | test  | UDP      | ACCEPT |       | 12.34.56.0/24

Global: Toggle [I]nbound or [O]utbound Policy
Rules: [A]dd, [R]emove, or [S]wap
[W]rtie settings or [Q]uit
Saving..
Rules updated successfully!
```

Feedback appreciated

…teractive-firewall-plugin