config/network/firewall.md: needs some rework/clarifications.

[Duncaen]

We currently have here two sections "Applying rules at boot" and "Applying rules at runtime" both are ambiguous. Both of them work at boot and at runtime, they are two alternative methods, with the one "Applying rules at boot" being clearly the better solution because they don't need a fake service and they make sure firewall rules are loaded before network services are up.

• Change the headlines for "Applying rules at X".
• Make clear that they are two ways of loading rules at boot and at runtime, make clear that core-services/rc.local is superior.
• Document how to reload rules with the fake service, sv can be used and with the better core-services or rc.local method the nftables (or iptables) command can be used.

[flexibeast]

i'm happy to do all this once a decision is made on whether or not to split the "Firewalls" section as per #508.