jampe
Contributor

@jampe jampe commented Feb 16, 2025

This PR adds the ability to mark the traffic on the nebula interface for Linux-based systems. This allows the user to handle the nebula generated traffic via ip rules and using generic routing tables. For example, this allows the use of default routes via nebula for clients that already have a default gw set due to their network setup.

Current state:

0.0.0.0/0 routing is already possible in nebula using network namespaces (see https://www.wireguard.com/netns/), however I noticed in my own testing that moving network interfaces between namespaces can often introduce different new problems. E.g. you lose IP assignments on interfaces, ip a does not show your physical nic anymore, resulting in problems with network managers on desktop-style clients.

Related issues / existing pull requests:

To enable 0.0.0.0/0 routing one would have to start nebula using listen.so_mark set to e.g. 4242 and then set the following ip rules / ip routes (taken from https://ro-che.info/articles/2021-02-27-linux-routing and the wg-quick project):

> ip rule add not from all fwmark 4242 lookup 4242
> ip rule add from all lookup main suppress_prefixlength 0
> ip route add default dev nebula1 via <nebula_unsafe_route_gw> table 4242

This PR leaves the "final routing decision" to the user by adding only the ability to actually do it to nebula. This even enables setups with multiple 0.0.0.0/0 unsafe routes in the nebula config, meaning one could add multiple 0.0.0.0/0 unsafe route endpoints and change which endpoint to actually use on the fly. You could also do something like source based routing to different gws at the same time.
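As an added example (not code from this PR or from nebula), the Go program below shows what a listen.so_mark style option has to do at the socket level: set SO_MARK on the UDP socket before it is used, and read the mark back to confirm what the kernel will stamp on outgoing packets so the ip rules above can match it. It assumes a Linux host; the mark 4242 is the value from the description above, and the loopback bind address is a constructed sample.

```go
package main

import (
	"context"
	"net"
	"syscall"
)

// markedUDPListener binds a UDP socket whose packets carry the given fwmark, which
// is what a listen.so_mark option must do before the socket sends anything.
// Setting SO_MARK needs CAP_NET_ADMIN; without it the kernel answers EPERM and
// no socket is opened, so the caller cannot silently fall back to unmarked traffic.
func markedUDPListener(addr string, mark int) (*net.UDPConn, error) {
	lc := net.ListenConfig{Control: func(_, _ string, c syscall.RawConn) error {
		var sockErr error
		if err := c.Control(func(fd uintptr) {
			sockErr = syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_MARK, mark)
		}); err != nil {
			return err
		}
		return sockErr
	}}
	pc, err := lc.ListenPacket(context.Background(), "udp4", addr)
	if err != nil {
		return nil, err
	}
	return pc.(*net.UDPConn), nil
}

// readMark reads SO_MARK back from the bound socket so the caller can verify the
// mark the ip rules will see (0 means no mark). Reading needs no privilege.
func readMark(conn *net.UDPConn) (int, error) {
	raw, err := conn.SyscallConn()
	if err != nil {
		return 0, err
	}
	var mark int
	var getErr error
	if err := raw.Control(func(fd uintptr) {
		mark, getErr = syscall.GetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_MARK)
	}); err != nil {
		return 0, err
	}
	return mark, getErr
}
```

The rules `ip rule add not from all fwmark 4242 lookup 4242` and the table 4242 default route only take effect for packets that actually carry the mark, so checking the socket with readMark before relying on the policy routing is the quickest way to spot a missing CAP_NET_ADMIN.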

@nbrownus nbrownus added this to the v2.0.0 milestone Mar 12, 2025
@nbrownus nbrownus merged commit 1d3c853 into slackhq:master Mar 12, 2025
10 checks passed

Successfully merging this pull request may close these issues.

Feature request: Add ability to set fwmark on clearnet traffic make default route via nebula node (full subnet routing, 0.0.0.0/0, etc.)