4096197 conf: new network bridge device attribute macTableManager

Authored and Committed by Laine Stump 9 years ago
    conf: new network bridge device attribute macTableManager
    
    The macTableManager attribute of a network's bridge subelement tells
    libvirt how the bridge's MAC address table (used to determine the
    egress port for packets) is managed. In the default mode, "kernel",
    management is left to the kernel, which usually determines entries in
    part by turning on promiscuous mode on all ports of the bridge,
    flooding packets to all ports when the correct destination is unknown,
    and adding/removing entries to the fdb as it sees incoming traffic
    from particular MAC addresses.  In "libvirt" mode, libvirt turns off
    learning and flooding on all the bridge ports connected to guest
    domain interfaces, and adds/removes entries according to the MAC
    addresses in the domain interface configurations. A side effect of
    turning off learning and unicast_flood on the ports of a bridge is
    that (with Linux kernel 3.17 and newer), the kernel can automatically
    turn off promiscuous mode on one or more of the bridge's ports
    (usually only the one interface that is used to connect the bridge to
    the physical network). The result is better performance (because
    packets aren't being flooded to all ports, and can be dropped earlier
    when they are of no interest) and slightly better security (a guest
    can still send out packets with a spoofed source MAC address, but will
    only receive traffic intended for the guest interface's configured MAC
    address).
    
    The attribute looks like this in the configuration:
    
      <network>
        <name>test</name>
        <bridge name='br0' macTableManager='libvirt'/>
        ...
    
    This patch only adds the config knob, documentation, and test
    cases. The functionality behind this knob is added in later patches.
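
As an added illustration (not code from this commit or from libvirt), the following Python sketch shows what the knob means operationally: it parses the `<bridge macTableManager=.../>` attribute with the "kernel" default, rejects values other than the two documented ones, renders the per-port iproute2 `bridge` commands that the "libvirt" mode described above amounts to (learning and unicast flooding off, one static fdb entry per configured guest MAC), and checks the 3.17 kernel threshold mentioned for automatic promiscuous-mode removal. The `port_commands` rendering is an assumption about how later patches behave, not the project's own implementation.

```python
import xml.etree.ElementTree as ET

# Constructed sample network XML (not from libvirt's test suite), using the
# attribute this commit introduces.
NETWORK_XML = """<network>
  <name>test</name>
  <bridge name='br0' macTableManager='libvirt'/>
</network>"""

VALID_MANAGERS = ("kernel", "libvirt")


def mac_table_manager(network_xml):
    """Return the bridge's macTableManager value, defaulting to 'kernel'."""
    root = ET.fromstring(network_xml)
    bridge = root.find("bridge")
    if bridge is None:
        raise ValueError("network definition has no <bridge> element")
    value = bridge.get("macTableManager", "kernel")
    if value not in VALID_MANAGERS:
        raise ValueError(f"invalid macTableManager value '{value}'")
    return value


def port_commands(port, mac, manager):
    """Hypothetical iproute2 commands for one guest port (added illustration,
    not libvirt's code).  In 'kernel' mode the bridge is left alone; in
    'libvirt' mode learning and unicast flooding are disabled on the port
    and the guest's configured MAC is pinned as a static fdb entry."""
    if manager == "kernel":
        return []
    return [
        f"bridge link set dev {port} learning off flood off",
        f"bridge fdb add {mac} dev {port} master static",
    ]


def kernel_can_drop_promisc(release):
    """Per the commit message, kernels 3.17 and newer can switch promiscuous
    mode off on bridge ports once learning/flooding are disabled."""
    base = release.split("-")[0]
    major, minor = (int(x) for x in base.split(".")[:2])
    return (major, minor) >= (3, 17)


if __name__ == "__main__":
    manager = mac_table_manager(NETWORK_XML)
    print("macTableManager:", manager)
    # Constructed guest port and MAC for the demonstration.
    for cmd in port_commands("vnet0", "52:54:00:12:34:56", manager):
        print(cmd)
    print("kernel 3.17.0-rc1 can drop promisc:",
          kernel_can_drop_promisc("3.17.0-rc1"))
```

The fdb entry is added with `master` so it lands in the bridge's own table rather than the port driver's, and `static` so the kernel never ages it out; that is what prevents a guest from receiving frames for any MAC other than its configured one.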
    
        
file modified
+44 -6
file modified
+9 -0
file modified
+40 -11
file modified
+11 -0
file modified
+2 -0
file modified
+2 -0