Network hardening using sysctl

[gangaram-tii]

Description of changes

sysctl configuration for network hardening. Uses configuration recommended in different security audits. Configuration and it's recommendation is available in this document:

Recommended sysctl settings

Sysctl network setting audit report available: https://github.com/gangaram-tii/ghaf-debug-tools/blob/main/report/hardened_network_audit_report.md

Network Performance impact: https://github.com/gangaram-tii/ghaf-debug-tools/blob/main/report/perf-iperf3.png Note: ghaf+ label is with sysctl hardened network settings.

Checklist for things done

• [-] Summary of the proposed changes in the PR description
• [-] More detailed description in the commit message(s)
• [-] Commits are squashed into relevant entities - avoid a lot of minimal dev time commits in the PR
• [-] Contribution guidelines followed
• [ ] Ghaf documentation updated with the commit - https://tiiuae.github.io/ghaf/
• [ ] PR linked to architecture documentation and requirement(s) (ticket id)
• [-] Test procedure described (or includes tests). Select one or more:
  • [ ] Tested on Lenovo X1 x86_64
  • [ ] Tested on Jetson Orin NX or AGX aarch64
  • [ ] Tested on Polarfire riscv64
• [ ] Author has run make-checks and it passes
• [ ] All automatic Github Action checks pass - see actions
• [ ] Author has added reviewers and removed PR draft status
• [ ] Change requires full re-installation
• [ ] Change can be updated with nixos-rebuild ... switch

Instructions for Testing

• [-] List all targets that this applies to: all platform targets
• [ ] Is this a new feature: yes
  • [ ] List the test steps to verify:
• [-] If it is an improvement how does it impact existing functionality?
  • Test network related functionality e.g. (internet access and inter vm communication).