add fine grained network mediation support

Similar to !1095, but this time simplified. This version removes support for ip and port ranges and subnets. This can be added later.

It also contains an updated version of the network layout required by the kernel side of AppArmor.