New firewall system for Sympl using nftables

I move the log_selector into its own file because that removes it from being linked with the tls options. Also I think that the exim docs said it can only appear once, but this belief may be incorrect in practice. The log_selector in tls_options gets commented out in CH3. The new file is 25_logging and gets several comments explaining the options. It also stops an annoying message generated by Sympl’s monitoring system.

My log_selector says

log_selector = +tls_sni +smtp_protocol_error +incoming_interface +smtp_mailauth

because these deliver good indications of unwanted behaviour.

P.S. The change in 50-tls-options that was adopted was to change to

auth_advertise_hosts = localhost : ${if eq{$tls_cipher}{}{localhost}{*}}

which originally said

auth_advertise_hosts = localhost : ${if eq{$tls_cipher}{}{nomatchinghosts}{*}}

and gave rise to more erroneous error messages about nomatchinghosts not being a legal host. Using localhost here did the trick and stopped the messages.
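Added example, not part of the original post: a small Python log summary showing what the selectors above make visible, counting clients that send AUTH on connections where auth_advertise_hosts did not advertise it and listing SNI names on received messages. The sample lines are constructed in Exim main-log style with documentation IP addresses; the function name and the exact field layout are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in Exim main-log style (not real traffic).
# I=[addr]:port is present because +incoming_interface is set (assumed layout).
SAMPLE_LOG = """\
2024-05-01 10:00:01 SMTP protocol error in "AUTH LOGIN" H=(User) [203.0.113.7] I=[198.51.100.5]:25 AUTH command used when not advertised
2024-05-01 10:00:09 SMTP protocol error in "AUTH LOGIN" H=(User) [203.0.113.7] I=[198.51.100.5]:25 AUTH command used when not advertised
2024-05-01 10:02:44 1s1AbC-0001xY-2z <= alice@example.org H=client.example.org [192.0.2.10] I=[198.51.100.5]:465 P=esmtpsa X=TLS1.3:TLS_AES_256_GCM_SHA384:256 SNI=mail.example.net A=plain:alice S=1420
2024-05-01 10:03:10 SMTP protocol error in "AUTH PLAIN" H=(scan) [203.0.113.99] I=[198.51.100.5]:587 AUTH command used when not advertised
"""

# Lines written because of +smtp_protocol_error; remote port is optional
# because it only appears when +incoming_port is also selected.
PROTO_ERR = re.compile(
    r'SMTP protocol error in "(?P<cmd>[^"]*)" '
    r'H=.*?\[(?P<remote>[0-9a-fA-F.:]+)\](?::\d+)? '
    r'(?:I=\[(?P<iface>[0-9a-fA-F.:]+)\]:(?P<port>\d+) )?'
    r'(?P<reason>.*)$'
)
# +tls_sni adds SNI= to arrival lines; tolerate quoted and unquoted values.
SNI = re.compile(r' SNI="?(?P<sni>[^"\s]+)"?')

def summarize(log_text):
    """Return (AUTH-without-advertisement counts per (remote IP, local port),
    SNI counts on '<=' arrival lines)."""
    auth_probes, sni_seen = Counter(), Counter()
    for line in log_text.splitlines():
        m = PROTO_ERR.search(line)
        if m and "AUTH command used when not advertised" in m["reason"]:
            auth_probes[(m["remote"], m["port"])] += 1
            continue
        s = SNI.search(line)
        if s and " <= " in line:
            sni_seen[s["sni"]] += 1
    return auth_probes, sni_seen

if __name__ == "__main__":
    probes, snis = summarize(SAMPLE_LOG)
    for (ip, port), n in probes.most_common():
        print(f"{ip} -> local port {port}: {n} AUTH attempt(s) without advertisement")
    for name, n in snis.items():
        print(f"SNI {name}: {n} message(s)")
```

Hosts that repeat in the first list are the ones to review when deciding what the firewall should block.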