scope
[WIP] Probe: Better mapping of NATted connections
Now that we get NAT information via netlink we have a flag to distinguish SRC_NAT from DST_NAT, so we can do a better job of mapping connections. See extensive comment in nat.go for explanation of the approach.
One example of how we get a better result is that incoming connections to a Kubernetes NodePort are visible with their remote IP address - previously they did not get mapped. Unfortunately, when using an AWS ELB the source endpoint is excluded because its address is on the same network as the host where the probe runs.
Also stop special-casing the Docker bridge in Kubernetes mode. Most often, Kubernetes uses a bridge named cbr0 so the 'docker0' bridge should be locally-scoped, and exceptionally users can turn that off with --probe.docker.bridge=""
@bboreham What's the status of this PR? Is there something blocking you from proceeding / merging it?