Firewalld is adding a new strict mode for port forwarding. When enabled, Podman's own port forwarding will not function, we need to use Firewalld port forwarding instead.

Netavark should detect when this mode is enabled (when using the iptables and nftables firewall drivers) and either warn the user or error outright when trying to create a container with port forwarding enabled. We can make these error messages very good (e.g. include the firewalld commands that are required to get port forwarding working).