feat req: nftables support #136

Open
unknowndevQwQ opened this issue Jan 6, 2025 · 1 comment

@unknowndevQwQ

Many tools have now gradually shifted from xtables to nftables. For example, when NetworkManager creates network sharing, it prefers to use nft to create a rule table under its control and write the corresponding rules. Even cgproxy, which has had almost no maintenance in recent years, has achieved nft support.
One of the major advantages of nftables over xtables is that every tool that needs to set up flow filtering can have its own table. There is no need to worry about breaking other things.

@NOBLES5E
Owner

Thank you for your suggestion regarding adding nftables support to cproxy.

I’d like to highlight that most modern systems include an iptables compatibility layer that allows the iptables binary to interact seamlessly with nftables. Since cproxy updates rules by invoking the iptables binary, it should function correctly with both xtables and nftables without requiring any modifications.

Additionally, because cproxy operates using specific cgroups, it is designed not to interfere with existing firewall rules in practice. However, if you encounter any issues where cproxy does interfere with other rules, please feel free to file a bug report so we can investigate and address the problem accordingly.
