Add option to disable entry in main routing table if host_table is set for routed NIC

[ibot3]

For routed NICs, the host_table parameter can be specified to create a route in the specified routing table.
However, the same route is always installed in the main routing table too:

incus/internal/server/device/nic_routed.go

Lines 410 to 416 in fc4d0ca

	// Apply host-side static routes to main routing table.
	r := ip.Route{
	DevName: saveData["host_name"],
	Route: fmt.Sprintf("%s/%d", addrStr, subnetSize),
	Table: "main",
	Family: ipFamilyArg,
	}

It would be great if this behavior could be changed by another config option so that the route is only present in the specified routing table.

Our scenario:
We want to have VMs in different VRFs on the incus host.
But for routed NICs to work, ip_forwarding must be enabled on the host.
This causes that from the main VRF, all VMs with routed NICs can be reached, what we don't want, because they should only be reachable within their VRF.

[stgraber]

Hmm, I don't recall how we settled on this behavior for host_table...

In hindsight, we'd have been better served by a host_tables config key taking a comma separated list of table names and not having that default behavior of always putting in the main table too.

I think the best path forward here is to implement ipv4.host_tables and ipv6.host_tables defined as a comma separated list of table IDs and whose default is 254. Making them conflict with ipv4.host_table and ipv6.host_table respectively and then mark the old keys as deprecated in documentation.