Introduce an object for managing firewall rulesets
    
    The network and nwfilter drivers both have a need to update
    firewall rules. The currently share no code for interacting
    with iptables / firewalld. The nwfilter driver is fairly
    tied to the concept of creating shell scripts to execute
    which makes it very hard to port to talk to firewalld via
    DBus APIs.
    
    This patch introduces a virFirewallPtr object which is able
    to represent a complete sequence of rule changes, with the
    ability to have multiple transactional checkpoints with
    rollbacks. By formally separating the definition of the rules
    to be applied from the mechanism used to apply them, it is
    also possible to write a firewall engine that uses firewalld
    DBus APIs natively instead of via the slow firewalld-cmd.
    
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>