Conversation

@riccardotornesello
Contributor

Description

This pull request introduces support for matching connection tracking states (ctstate) in firewall rules. The changes span API, CRD, and implementation layers, allowing users to specify connection tracking states as match criteria in firewall configurations.

This feature extends the firewalling functionalities proposed in the PR #2966, but these two PRs are independent so there is no need to merge #2966 before.

With this update, it is possible to add "ctstate" to the "match" field of a filter rule, for example:

apiVersion: networking.liqo.io/v1beta1
kind: FirewallConfiguration
metadata:
  labels:
    liqo.io/managed: "true"
    networking.liqo.io/firewall-category: gateway
    networking.liqo.io/firewall-subcategory: fabric
spec:
  table:
    family: IPV4
    name: test-table
    chains:
      - hook: postrouting
        name: test-chain
        policy: accept
        priority: 99
        type: filter
        rules:
          filterRules:
            - action: accept
              match:
                - ctstate:
                    value:
                      - established
                      - related
                  op: eq

The operations supported are:

  • eq, if the ctstate of the packet is in one of the values
  • neq, if the ctstate is not in any of the values

How Has This Been Tested?

This feature was tested with a firewall configuration that blocks incoming connections from a specific subnet. Without the rule to accept established or related connections, outgoing connections to that subnet were also blocked because responses were not able to pass through. By adding the match rule with ctstate to allow established and related connections, it was possible to block connections in only one direction.

In addition, the result was checked in nftables, ensuring that the rule was actually added to the chain.
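As an added illustration of the eq/neq semantics and of the test scenario described above (constructed code, not part of this PR or of liqo; the toy conntrack and the `ip` match item with `value`/`position` are hypothetical stand-ins for the real subnet match and kernel state):

```python
import ipaddress

# Constructed model, not liqo's code: a toy conntrack plus a filter chain whose
# rules use the ctstate match from the PR description ("ip" item is hypothetical).

def ctstate_match(values, op, packet_state):
    """op 'eq': state is one of the values; op 'neq': state is none of them."""
    if op == "eq":
        return packet_state in values
    if op == "neq":
        return packet_state not in values
    raise ValueError(f"unsupported op {op!r}")

class Conntrack:
    """First packet of a flow is 'new'; later packets of an accepted flow are 'established'."""
    def __init__(self):
        self.flows = set()
    def state(self, src, dst):
        return "established" if {(src, dst), (dst, src)} & self.flows else "new"
    def confirm(self, src, dst):
        self.flows.add((src, dst))

def match_item(item, src, state):
    if "ctstate" in item:
        return ctstate_match(set(item["ctstate"]["value"]), item["op"], state)
    hit = ipaddress.ip_address(src) in ipaddress.ip_network(item["ip"]["value"])
    return hit if item["op"] == "eq" else not hit

def evaluate(chain, ct, src, dst):
    """First rule whose match items all hit decides, else the chain policy; accepted packets confirm the flow."""
    state = ct.state(src, dst)
    verdict = chain["policy"]
    for rule in chain["rules"]["filterRules"]:
        if all(match_item(m, src, state) for m in rule["match"]):
            verdict = rule["action"]
            break
    if verdict == "accept":
        ct.confirm(src, dst)
    return verdict

def scenario(allow_replies=True):
    """PR test scenario: drop new flows from 10.0.0.0/24, optionally letting replies to outbound flows back in."""
    rules = [{"action": "drop", "match": [{"ip": {"value": "10.0.0.0/24", "position": "src"}, "op": "eq"}]}]
    if allow_replies:
        rules.insert(0, {"action": "accept", "match": [{"ctstate": {"value": ["established", "related"]}, "op": "eq"}]})
    chain, ct = {"policy": "accept", "rules": {"filterRules": rules}}, Conntrack()
    inbound = evaluate(chain, ct, "10.0.0.7", "192.168.1.5")   # new flow from the subnet
    outbound = evaluate(chain, ct, "192.168.1.5", "10.0.0.7")  # new flow to the subnet
    reply = evaluate(chain, ct, "10.0.0.7", "192.168.1.5")     # reply to the outbound flow
    return inbound, outbound, reply
```

Running `scenario()` gives `('drop', 'accept', 'accept')`, while `scenario(allow_replies=False)` gives `('drop', 'accept', 'drop')`: without the ctstate rule the reply to the outbound connection is dropped, which is the one-directional blocking problem the PR description reports.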

@adamjensenbot
Collaborator

Hi @riccardotornesello. Thanks for your PR!

I am @adamjensenbot.
You can interact with me issuing a slash command in the first line of a comment.
Currently, I understand the following commands:

  • /rebase: Rebase this PR onto the master branch (you can add the option test=true to launch the tests when the rebase operation is completed)
  • /merge: Merge this PR into the master branch
  • /build: Build Liqo components
  • /test: Launch the E2E and Unit tests
  • /hold, /unhold: Add/remove the hold label to prevent merging with /merge

Make sure this PR appears in the liqo changelog, adding one of the following labels:

  • feat: 🚀 New Feature
  • fix: 🐛 Bug Fix
  • refactor: 🧹 Code Refactoring
  • docs: 📝 Documentation
  • style: 💄 Code Style
  • perf: 🐎 Performance Improvement
  • test: ✅ Tests
  • chore: 🚚 Dependencies Management
  • build: 📦 Builds Management
  • ci: 👷 CI/CD
  • revert: ⏪ Reverts Previous Changes

@github-actions (github-actions bot) added the label "feat: Adds a new feature to the codebase" on Nov 11, 2025