add configuration option for new nftables firewall

add configuration option for new nftables firewall

Introduces new nftables configuration option that en/disables the new
nftables firewall.

pve-firewall reads this option and only generates iptables rules when
nftables is set to `0` or if the proxmox-firewall package is not
installed at all. Conversely, proxmox-firewall only generates rules
when the option is set to `1`.

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
 [ TL: mark as tech preview and clarify is_enabled method name ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>