Also teach sunet-l4lb-namespace to load the nft ruleset if it exists.
While here modify the script so instead of running "once per netns
config file" we merge the interface config from each json file into the
same dict per namespace. Without this we would attempt to load the nft
ruleset twice (once per file that mentioned the namespace) or warn twice
if the file did not exist etc.
Make it able to delete addresses that are no longer in the netns config.
Also make it read one netns-base.json for hardware config which is
managed by puppet but also make it look for netns-sunet-cdn-agent.json
which is not created by puppet. This file will be generated by
sunet-cdn-agent and will include the configuration for dummy0.
Trying to run goose for creating database contents failed:
```
2024/11/14 11:59:13 goose run: failed to ensure DB version: ERROR: permission denied for schema public (SQLSTATE 42501)
```
This seems to be because PostgreSQL 15 removed the default CREATE
permission in the public schema for users other than the database owner.
Instead we create a user-specific schema owned by that same user and
leave the public schema unused.
Because there will be haproxy instances running next to this service we
can only listen to the machine-local address not the default of "all addreses":
Error seen:
```
Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.
```
