RFC: podman: Add support for blackhole routes #28230

Draft
p12tic wants to merge 1 commit into containers:main from p12tic:blackhole-routes

@p12tic (Contributor) commented Mar 10, 2026

Add support for blackhole, unreachable, and prohibit route types in podman networks. These route types allow silently discarding packets (blackhole), rejecting with destination unreachable (unreachable), or rejecting with administratively prohibited (prohibit).

Blackhole routes require netavark >= 2.0.0. Regular unicast routes remain backward compatible with all netavark versions.

Likely fixes #20222

Exposes this netavark feature: containers/netavark#1417

Currently marked as draft to get early feedback before I move libnetwork changes to common repository.

Checklist

Ensure you have completed the following checklist for your pull request to be reviewed:

  • Certify you wrote the patch or otherwise have the right to pass it on as an open-source patch by signing all
    commits. (git commit -s). (If needed, use git commit -s --amend). The author email must match
    the sign-off email address. See CONTRIBUTING.md
    for more information.
  • Referenced issues using Fixes: #00000 in commit message (if applicable)
  • Tests have been added/updated (or no tests are needed)
  • Documentation has been updated (or no documentation changes are needed)
  • All commits pass make validatepr (format/lint checks)
  • Release note entered in the section below (or None if no user-facing changes)

Does this PR introduce a user-facing change?

Add support for blackhole, unreachable, and prohibit route types in podman networks. Supported since netavark 2.0.

Add support for blackhole, unreachable, and prohibit route types in podman
networks. These route types allow silently discarding packets (blackhole),
rejecting with destination unreachable (unreachable), or rejecting with
administratively prohibited (prohibit).

Note: Blackhole routes require netavark >= 2.0.0. Regular unicast routes
remain backward compatible with all netavark versions.

Signed-off-by: Povilas Kanapickas <povilas@radix.lt>

Successfully merging this pull request may close these issues.

Feature Request - Podman Networks as a DMZ
