
Implement matrix compliance reporting

Open tpurschke opened this issue 4 years ago • 1 comments

  • [x] depends on working CIDR filtering
  • [x] UI start with separate top-level UI "Compliance" item
  • [x] UI for single zone definition (name, hierarchy, CIDR subnets)
  • [x] UI for defining inter-zone rules
  • [x] allow for at least two levels of zone hierarchies (area/zone) - could also be implemented as separate matrices?!
  • [x] compliance rules to be defined on both levels
  • [x] only CIDR-based access matrix taken into consideration
  • [x] disable "Configuration Add - OK" and "Matrix - Commit Changes" buttons for all but admin role
  • [ ] #2424
  • [ ] add explicit Internet Zone dynamically calculated as all public IP addresses not defined in any Zone
  • [ ] add "private unused" Zone
  • [ ] add help Pages
  • [ ] add help Page Info for adding Matrix Data via API
  • [ ] sort IP ranges in Configuration page
  • [x] double-check completeness of compliance violation list (three screenshots from 2023-07-25); after upgrading fwodemo.cactus.de to v7.0, the check result is as expected (screenshot from 2023-07-26)

advanced

  • [ ] allow for multiple named matrices
  • [ ] add Compliance Report: show all rules that violate compliance matrix (optionally filtered by gateways)
  • [ ] allow for service filtering (not implementing in the first phase)
  • [ ] also add IPv6 addresses for Internet Zone

tpurschke, Apr 13 '21 17:04

Design for Compliance Analysis is here https://xfer.cactus.de/index.php/s/nbene7RToizCe3Y

alf-cactus, Apr 01 '22 11:04
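
The CIDR-based zone matrix check described in the issue checklist, including the dynamically calculated Internet and "private unused" zones, as an added example (not firewall-orchestrator code). Zone names, subnets, matrix entries and function names are constructed; the area/zone hierarchy is left out, only IPv4 is handled, and "private" is assumed to mean RFC 1918 with everything else treated as public.

```python
import ipaddress
from itertools import product

# Constructed sample data; zone names, subnets and matrix entries are illustrative.
ZONES = {
    "dmz": ["10.1.0.0/16"],
    "internal": ["10.2.0.0/16"],
}
# Permitted (source zone, destination zone) pairs; every other pair is a violation.
MATRIX = {("internal", "internal"), ("internal", "dmz"), ("dmz", "dmz"), ("dmz", "internet")}
# Assumption: "private" means RFC 1918; everything else counts as public.
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def uncovered(net, zone_nets):
    """Return the parts of net that no defined zone covers."""
    rest = [net]
    for z in zone_nets:
        nxt = []
        for r in rest:
            if not r.overlaps(z):
                nxt.append(r)                      # disjoint: keep as is
            elif not r.subnet_of(z):
                nxt.extend(r.address_exclude(z))   # z lies inside r: cut it out
            # else r lies inside z: fully covered, drop it
        rest = nxt
    return rest


def zones_for(cidr):
    """Map one side of a rule (a CIDR) to every zone it touches."""
    net = ipaddress.ip_network(cidr)
    hits, all_zone_nets = set(), []
    for name, cidrs in ZONES.items():
        nets = [ipaddress.ip_network(c) for c in cidrs]
        all_zone_nets += nets
        if any(net.overlaps(z) for z in nets):
            hits.add(name)
    for r in uncovered(net, all_zone_nets):
        if any(r.overlaps(p) for p in RFC1918):
            hits.add("private_unused")             # private space outside every zone
        if not any(r.subnet_of(p) for p in RFC1918):
            hits.add("internet")                   # contains non-private addresses
    return hits


def violations(src_cidr, dst_cidr):
    """Return the sorted zone pairs a rule connects that the matrix does not permit."""
    pairs = product(zones_for(src_cidr), zones_for(dst_cidr))
    return sorted(p for p in pairs if p not in MATRIX)
```

A rule whose source or destination is broader than a single zone is checked against every zone it overlaps, so an "any" destination reports each disallowed pair separately.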