update description of CAP_NET_RAW capability requirement

[philgebhardt]

This capability was required for Gremlin versions older than 2.18.2, because our runc drivers would run sidecars with a "capabilities-add" request that was unaccompanied by a "drop-all" request and CAP_NET_RAW was among those requested by default.

Incidentally, we've depended on CAP_NET_RAW since 2.40.1 for another purpose: dependency discovery (when gremlin.collect.dns=true). Update the description for when and why this capability is needed.