firewall: Maintain iptables rules in dedicated ConnMan chains

firewall: Maintain iptables rules in dedicated ConnMan chains

Instead appending ConnMan iptables rules into the builtin chains
we append them into chains managed by ConnMan.

If a rule needs to be inserted into a bultin chain, ConnMan
will create a 'connman-' prefixed builtin chain name and appends
the user rules there. Then ConnMan will insert a unconditional jump
rule in the builtin chain.

Basically,

  iptables -t filter -A INPUT -m mark --mark 1 -j LOG

will be translated to this:

  iptables -t filter -N connman-INPUT
  iptables -t filter -A connman-INPUT -m mark --mark 1 -j LOG
  iptables -t filter -I INPUT -j connman-INPUT

When the last rule in a managed chain is removed, the managed
chain will also be removed.