
consomme: filter guest network traffic based on destination#3157

Open
damanm24 wants to merge 2 commits into microsoft:main from damanm24:filter-loopback

Conversation

@damanm24
Contributor

By default, drop guest-originated packets destined for loopback, unspecified, and link-local addresses in the
consomme NAT layer. A new allow_guest_loopback_access parameter on ConsommeParams can be set to opt in to the
previous behavior when needed.
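The destination gate the description above refers to, as an added Rust example that is not the PR's own code: it stands in for the allow_guest_loopback_access switch with a hypothetical FilterParams struct and its own DropReason enum, classifies IPv4 and IPv6 destinations as host-local, and, going beyond the description, also judges IPv4-mapped IPv6 addresses by their embedded IPv4 address.

```rust
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};

/// Hypothetical stand-in for the one ConsommeParams field this example needs; default (false) drops host-local destinations.
#[derive(Debug, Clone, Copy, Default)]
pub struct FilterParams {
    pub allow_guest_loopback_access: bool,
}

/// Why a guest TX packet was dropped (modelled on the variant the PR adds).
#[derive(Debug, PartialEq, Eq)]
pub enum DropReason {
    DestinationNotAllowed,
}

/// IPv4: 127.0.0.0/8 (loopback), 0.0.0.0 (unspecified), 169.254.0.0/16 (link-local).
fn is_host_local_v4(dst: Ipv4Addr) -> bool {
    dst.is_loopback() || dst.is_unspecified() || dst.is_link_local()
}

/// IPv6: ::1, :: and unicast link-local fe80::/10. An IPv4-mapped address
/// (::ffff:a.b.c.d) is judged by its embedded IPv4 address so ::ffff:127.0.0.1 is
/// handled like 127.0.0.1 (this example's assumption; the PR text does not say).
fn is_host_local_v6(dst: Ipv6Addr) -> bool {
    if let Some(v4) = dst.to_ipv4_mapped() {
        return is_host_local_v4(v4);
    }
    let unicast_link_local = (dst.segments()[0] & 0xffc0) == 0xfe80;
    dst.is_loopback() || dst.is_unspecified() || unicast_link_local
}

/// Destination gate run on guest-originated packets before they are NATed.
pub fn check_guest_destination(params: &FilterParams, dst: IpAddr) -> Result<(), DropReason> {
    let host_local = match dst {
        IpAddr::V4(a) => is_host_local_v4(a),
        IpAddr::V6(a) => is_host_local_v6(a),
    };
    if host_local && !params.allow_guest_loopback_access {
        Err(DropReason::DestinationNotAllowed)
    } else {
        Ok(())
    }
}

fn main() {
    let params = FilterParams::default();
    for dst in ["127.0.0.1", "169.254.1.1", "::1", "fe80::1", "10.0.0.5"] {
        let dst: IpAddr = dst.parse().unwrap();
        println!("{dst} -> {:?}", check_guest_destination(&params, dst));
    }
}
```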

@damanm24 damanm24 requested a review from a team as a code owner March 30, 2026 16:52
Copilot AI review requested due to automatic review settings March 30, 2026 16:52
Contributor

Copilot AI left a comment

Pull request overview

This PR tightens consomme’s NAT behavior by defaulting to drop guest-originated packets targeting host-local destinations, with an opt-in parameter to restore the previous behavior when needed.

Changes:

  • Add allow_guest_loopback_access to ConsommeParams and gate destination filtering on it.
  • Drop guest TX to loopback/unspecified/link-local destinations (new DropReason::DestinationNotAllowed) and plumb this into net_consomme stats.
  • Add unit tests covering the new destination-filter behavior and update TCP tests to opt into loopback access.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| vm/devices/net/net_consomme/consomme/src/lib.rs | Adds allow_guest_loopback_access, introduces DestinationNotAllowed, and implements destination filtering in IPv4/IPv6 handlers. |
| vm/devices/net/net_consomme/src/lib.rs | Treats DestinationNotAllowed as a TX drop for stats reporting. |
| vm/devices/net/net_consomme/consomme/src/tests.rs | New tests validating default blocking and opt-in behavior. |
| vm/devices/net/net_consomme/consomme/src/tcp/tests.rs | Updates TCP harness to opt in to loopback access to keep tests working. |
