This repository has been archived by the owner on Jan 28, 2025. It is now read-only.

Network namespaces #11

Open
kpcyrd opened this issue Jul 1, 2018 · 0 comments

Comments

@kpcyrd
Owner

kpcyrd commented Jul 1, 2018

This is a bit of a long term issue, but it would greatly help to make snail more secure out of the box:

  • A new network namespace is created for snail
  • A veth pair is created between the newly created network namespace and the regular system
  • Move the wifi interface into the network namespace; this makes it unavailable to other applications
  • Automatically configure a transfer network on the veth pair when the wifi interface has established a working internet connection

In addition, since the network namespace has its own set of iptables rules, we can easily set up source NAT for the wifi interface and outbound routing. Also, we could run VPN software inside the network namespace and make sure that only the VPN and snail are able to use it directly, while everything else is forced through the VPN. There are already subcommands in place that can be used if direct access to the network is needed (http, dns and connect). Those probably need to request the connection/lookup through snaild in the future.
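The layout sketched in the four bullets and the NAT paragraph above, as an added example that is not part of the snail project and not code from this issue. It is a plain POSIX shell script that builds the namespace, the veth pair and the transfer network, moves the wireless interface in, and installs the SNAT and forwarding rules inside the namespace. The namespace name `snail`, the interface names `wlan0`/`phy0`/`veth-snail0`/`veth-snail1` and the transfer network `10.200.0.0/30` are assumptions. One caveat the bullets gloss over: a wireless interface cannot be moved with `ip link set ... netns`; the whole phy has to be moved with `iw phy ... set netns`, and the interface follows it. By default the script only prints the commands it would run; with `APPLY=1` it executes them, which needs root plus iproute2, iw and iptables.

```shell
#!/bin/sh
# Added example, not from the snail project: namespace layout from issue #11.
# All names and addresses below are assumptions; override them via the environment.
NS="${NS:-snail}"                          # assumed namespace name
PHY="${PHY:-phy0}"                         # assumed phy backing the wifi interface
WIFI="${WIFI:-wlan0}"                      # assumed wifi interface name
VETH_HOST="${VETH_HOST:-veth-snail0}"      # veth end that stays in the root namespace
VETH_NS="${VETH_NS:-veth-snail1}"          # veth end moved into the snail namespace
HOST_ADDR="${HOST_ADDR:-10.200.0.1/30}"    # assumed transfer network, host side
NS_ADDR="${NS_ADDR:-10.200.0.2/30}"        # assumed transfer network, namespace side

# run: execute the command when APPLY=1, otherwise print it (dry run).
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

# in_ns: run a command inside the snail namespace.
in_ns() {
    run ip netns exec "$NS" "$@"
}

# create_namespace: new netns plus a veth pair, one end inside the namespace.
create_namespace() {
    run ip netns add "$NS"
    run ip link add "$VETH_HOST" type veth peer name "$VETH_NS"
    run ip link set "$VETH_NS" netns "$NS"
    run ip addr add "$HOST_ADDR" dev "$VETH_HOST"
    run ip link set "$VETH_HOST" up
    in_ns ip addr add "$NS_ADDR" dev "$VETH_NS"
    in_ns ip link set "$VETH_NS" up
    in_ns ip link set lo up
}

# move_wifi: wireless interfaces are moved per phy with iw; "ip link set
# $WIFI netns" fails for them. Once moved, $WIFI only exists inside $NS, so
# other applications on the host can no longer see or use it.
move_wifi() {
    run iw phy "$PHY" set netns name "$NS"
}

# setup_transfer_network: after wifi is up inside the namespace, masquerade
# host traffic arriving over the veth pair behind the wifi interface and
# point the host's default route at the namespace end of the pair.
setup_transfer_network() {
    in_ns sysctl -w net.ipv4.ip_forward=1
    in_ns iptables -t nat -A POSTROUTING -o "$WIFI" -j MASQUERADE
    in_ns iptables -P FORWARD DROP
    in_ns iptables -A FORWARD -i "$VETH_NS" -o "$WIFI" -j ACCEPT
    in_ns iptables -A FORWARD -i "$WIFI" -o "$VETH_NS" \
        -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    run ip route replace default via "${NS_ADDR%/*}" dev "$VETH_HOST"
}

# Stand-alone use: prints the full command sequence (or applies it with APPLY=1).
create_namespace
move_wifi
setup_transfer_network
```

Run it once without `APPLY` to review the exact commands for your interface names, then with `APPLY=1` as root. The wifi supplicant (and any VPN client, per the second paragraph) must then be started with `ip netns exec snail ...` so that it sees the interface; `ip netns exec` also bind-mounts `/etc/netns/snail/resolv.conf` over `/etc/resolv.conf` for that process, which is where a namespace-local resolver configuration for the `dns` subcommand would go. The FORWARD policy is DROP with explicit accepts, so only traffic entering over the veth pair can leave via wifi; nothing on the host reaches the wifi interface directly.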
