feat: Option to disable masquerade

[danbai225]

Add independent IPv4/IPv6 SNAT control

Allow users to independently control SNAT (masquerade) for IPv4 and IPv6
traffic through network options snat_ipv4 and snat_ipv6. Both default
to true for backward compatibility.

Changes:

• Add snat_ipv4/snat_ipv6 fields to SetupNetwork with default true
• Parse SNAT options from network configuration in bridge driver
• Update nftables driver to conditionally add masquerade rules per address family
• Update iptables driver to pass enable_snat flag to chain creation
• Update firewalld driver to enable masquerade if either protocol needs SNAT
• Update varktables to conditionally add MASQUERADE rule based on enable_snat

  {
    "options": {
      "snat_ipv4": "false",  // disable IPv4 SNAT
      "snat_ipv6": "true"    // enable IPv6 SNAT
    }
  }

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: danbai225
Once this PR has been reviewed and has the lgtm label, please assign mheon for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sourcery-ai]

Sorry @danbai225, you have reached your weekly rate limit of 500000 diff characters.

Please try again later or upgrade to continue using Sourcery

[packit-as-a-service]

Ephemeral COPR build failed. @containers/packit-build please check.