  1. OpenShift Virtualization
  2. CNV-26991

[2179333] VM connected to a VLAN is also receiving packets from VLAN 1


    • Urgent
    • None

      Description of problem:
      When a VM is connected to a bridge using a NetworkAttachmentDefinition with a VLAN ID, we can see that the VM receives packets from the VLAN ID and also the untagged packets from the bridge.

      Version-Release number of selected component (if applicable):
      OCP 4.10.51
      OpenShift Virtualization 4.10.8

      How reproducible:
      Always

      Steps to Reproduce:
      1. Create a bridge with a physical interface:

      ```
      apiVersion: nmstate.io/v1
      kind: NodeNetworkConfigurationPolicy
      metadata:
        name: br-extnet-enp3s0-policy-workers
      spec:
        desiredState:
          interfaces:
            - description: enp3s0 interface
              name: enp3s0
              state: up
              type: ethernet
            - bridge:
                options:
                  stp:
                    enabled: false
                port:
                  - name: enp3s0
              description: Linux bridge with enp3s0 as a port
              ipv4:
                dhcp: true
                enabled: true
              name: br-extnet
              state: up
              type: linux-bridge
        nodeSelector:
          node-role.kubernetes.io/worker: ""
      ```

      2. Create a NAD using the bridge and a VLAN ID:

      ```
      apiVersion: k8s.cni.cncf.io/v1
      kind: NetworkAttachmentDefinition
      metadata:
        name: br-extnet-network
        namespace: jorti
      spec:
        config: '{ "cniVersion": "0.3.1", "name": "br-extnet-network", "type": "cnv-bridge", "bridge": "br-extnet", "vlan": 1000, "macspoofchk": false }'
      ```

      3. Create a VM connected to the NAD:

      ```
      domain:
        devices:
          interfaces:
            - bridge: {}
              macAddress: 02:a2:a6:00:00:06
              model: virtio
              name: default
      networks:
        - multus:
            networkName: br-extnet-network
          name: default
      ```

      Actual results:

      In the node we can see that the veth of the VM is also using VLAN 1:

      ```
      sh-4.4# bridge -d vlan
      port              vlan-id
      vetheb545c41      1 Egress Untagged <----------
                        1000 PVID Egress Untagged
      ```

      A tcpdump in the VM reveals packets not belonging to VLAN 1000.

      Expected results:
      The VM must be connected only to VLAN 1000

      Additional info:
      I see a similar issue reported upstream:
      https://github.com/containernetworking/plugins/issues/667

              mdbarroso Miguel Duarte de Mora Barroso (Inactive)
              rhn-support-jortialc Juan Orti
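A node-side check for the condition reported above, as an added example that is not part of the original report or of any OpenShift tooling: it parses the text output of `bridge -d vlan` and flags any VM port that is a member of a VLAN other than the one set in its NetworkAttachmentDefinition. The function names, the second veth and the uplink line in the sample are constructed; it assumes you already know which veth belongs to the VM.

```python
import re

# Constructed sample in the text layout of `bridge -d vlan`. The
# vetheb545c41 rows mirror the report; the other rows are constructed.
SAMPLE = """\
port              vlan-id
enp3s0            1 PVID Egress Untagged
vetheb545c41      1 Egress Untagged
                  1000 PVID Egress Untagged
veth0a1b2c3d      1000 PVID Egress Untagged
"""

ENTRY = re.compile(r"(\d+)(?:-(\d+))?\s*(.*)")  # "1000 PVID ..." or "10-20"


def parse_bridge_vlan(text):
    """Return {port: {vlan_id: {"pvid": bool, "untagged": bool}}}."""
    table, port = {}, None
    for line in text.splitlines():
        if not line.strip() or re.match(r"\s*port\s+vlan", line):
            continue  # blank line or header
        rest = line
        if not line[0].isspace():  # a new port starts in column 0
            parts = line.split(None, 1)
            port, rest = parts[0], parts[1] if len(parts) > 1 else ""
        m = ENTRY.match(rest.strip())
        if port is None or not m:
            continue
        lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
        flags = {"pvid": "PVID" in m.group(3),
                 "untagged": "Egress Untagged" in m.group(3)}
        for vid in range(lo, hi + 1):
            table.setdefault(port, {})[vid] = dict(flags)
    return table


def audit_port(table, port, want):
    """List deviations of `port` from 'member of VLAN `want` only'."""
    vlans = table.get(port, {})
    issues = [f"also member of VLAN {v}" for v in sorted(vlans) if v != want]
    if not vlans.get(want, {}).get("pvid"):
        issues.append(f"VLAN {want} is not the PVID")
    return issues


if __name__ == "__main__":
    table = parse_bridge_vlan(SAMPLE)
    for veth in ("vetheb545c41", "veth0a1b2c3d"):
        print(veth, audit_port(table, veth, 1000) or "ok")
```
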