[WIP] Stabilize CNI connectivity, dns and latent

[chanwit]

This PR fixes a containerd + CNI behavior that users cannot connect to the internet.
After investigation, I have found that there's not FORWARD rules to help the CNI bridge plugin to complete this. So I add simple rules for the Ignite network CIDR to allow forwarding.

fixes #418 #423 #424

[chanwit]

How to test:

$ sudo rm /etc/cni/net.d/10-ignite.conflist 
$ sudo ifconfig cni0 down
$ sudo ip link delete cni0
$ sudo bin/ignite run weaveworks/ignite-ubuntu --ssh
INFO[0006] Created VM with ID "17b100016889f1d3" and name "white-wave" 
INFO[0007] Networking is handled by "cni"               
INFO[0007] Started Firecracker VM "17b100016889f1d3" in a container with ID "ignite-17b100016889f1d3" 
$ sudo bin/ignite ps
VM ID                   IMAGE                           KERNEL                                  SIZE    CPUS    MEMORY          CREATED STATUS  IPS             PORTS   NAME
17b100016889f1d3        weaveworks/ignite-ubuntu:latest weaveworks/ignite-kernel:4.19.47        4.0 GB  1       512.0 MB        6s ago  Up 6s   172.18.0.4              white-wave
$ sudo bin/ignite ssh 17b

root@17b100016889f1d3:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=47 time=36.4 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=47 time=36.2 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=47 time=36.3 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 36.255/36.344/36.428/0.070 ms
root@17b100016889f1d3:~# 

[chanwit]

@stealthybox PTAL

[chanwit]

This PR needs rebase on top of #422

[chanwit]

Test cases implemented by #422 used to verify the behavior and all tests passed.

[chanwit]

withdrawn in favor of #427 #428 #429