Migrate from iptables to firewalld
This module does all sorts of hacks to get the puppetlabs-firewall and iptables configuration working, especially at build time in containers, where iptables cannot load rules. firewalld removes these complications by providing its own persistent, stateful configuration layer (zones, services and rich rules, applied through its daemon) in front of the packet filter, which on current releases is nftables.
puppet-firewalld provides a high-quality interface to firewalld.
Generally, the default zone should be one that rejects unsolicited inbound traffic: firewalld has no built-in "reject" zone, but "block" (target REJECT) or "public" (only explicitly listed services allowed) both fit, and the distribution default can be kept if it behaves the same way. The Nest VPN interface can then be added to the "trusted" zone (target ACCEPT). firewalld can also configure zones for forwarding (masquerading) and port forwards, which covers the remaining NAT rules this module currently hand-rolls.
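The zone layout described above, expressed with puppet-firewalld resources. This is an added example, not code from this module or from puppet-firewalld; the VPN interface name `wg0`, the forwarded port `8080`, and the guest address `192.0.2.10` are hypothetical placeholders.

```puppet
# Added example (not this module's code). Assumes voxpupuli/puppet-firewalld.
# 'wg0', tcp/8080 and 192.0.2.10 are placeholders chosen for illustration.
class profile::firewalld_example {
  # Default zone for every interface not assigned elsewhere. 'public' allows
  # only explicitly listed services; use 'block' for reject-everything.
  class { 'firewalld':
    default_zone => 'public',
  }

  # The VPN interface goes into the built-in 'trusted' zone (target ACCEPT),
  # so only traffic arriving over the tunnel is unrestricted.
  firewalld_zone { 'trusted':
    ensure     => present,
    target     => 'ACCEPT',
    interfaces => ['wg0'],   # hypothetical VPN interface name
  }

  # Public zone: SSH only, masquerade outbound (forwarding), and purge anything
  # not declared here so a hand-run 'firewall-cmd --permanent' does not persist.
  firewalld_zone { 'public':
    ensure           => present,
    target           => 'default',
    masquerade       => true,
    purge_services   => true,
    purge_ports      => true,
    purge_rich_rules => true,
  }

  firewalld_service { 'ssh in public':
    ensure  => present,
    service => 'ssh',
    zone    => 'public',
  }

  # Port forward: tcp/8080 on the host to a guest (libvirt/podman) on port 80.
  # 192.0.2.10 is a documentation address standing in for the real guest.
  firewalld_rich_rule { 'forward 8080 to guest':
    ensure       => present,
    zone         => 'public',
    family       => 'ipv4',
    forward_port => {
      'port'     => '8080',
      'protocol' => 'tcp',
      'to_port'  => '80',
      'to_addr'  => '192.0.2.10',
    },
  }
}
```

The `purge_*` flags are the important part for a module that previously owned the whole ruleset: without them firewalld happily keeps rules added out of band, and the Puppet run reports clean while the effective policy drifts.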
fail2ban, podman, and libvirt all have firewalld backends.
Wait until the upcoming firewalld 1.0.0 release before migrating, to avoid having to respond to its breaking changes immediately after implementation. It may also be necessary to wait for puppet-firewalld to catch up with the 1.0.0 release.