network: add support for disabling bridge learning on tap|veth|fwln ports
Currently, if bridge receive an unknown dest mac (network bug/attack/..),
we are flooding packets to all bridge ports.
This can waste cpu time, even more with firewall enabled.
Also, if firewall is used with reject action, the src mac of RST
packet is the original unknown dest mac.
(This can block the server at Hetzner for example)
So, we can disable learning && unicast_flood on tap|veth|fwln port interface.
Then mac address need to be add statically in bridge fdb.