Update to podman 4.0, latest mcli, and add netavark
@craftyguy: We may be able to simply use netavark and podman 4 for our firewall needs.
The public interface could simply use the default bridge mode, and then the other interfaces should be importable directly:
"The --network option to podman create, podman pod create, podman run, and podman play kube can now, when specifying a network name, also specify advanced network options such as alias, ip, mac, and interface_name, allowing advanced configuration of networks when creating containers connected to more than one network."
(source: https://cloud.redhat.com/blog/podman-4.0-arrives).
This is, however, untested beyond our unit/integration tests. We may not have DNS resolution in the container though, as we have the following warning: "WARN[0000] binary not found, container dns will not be enabled".