Add fail2ban option to security module in Plinth UI
Created by: SunilMohanAdapa
Although we have libpam-abl for blocking too many attempts at SSH password login, having fail2ban would be nice. Fail2ban actively discourages an adversary by blocking their traffic, which libpam-abl does not. Fail2ban also has the infrastructure for making web-based login attempts harder. We can later block too many login attempts to Plinth.
We should implement fail2ban as a checkbox option in the security module. fail2ban should be installed and enabled in FreedomBox by default. Fail2ban should be configured to use firewalld instead of iptables.
Implementation hints:
- Add fail2ban to managed_packages list in the security module and increment its version number. This will cause new installations to automatically install fail2ban.
- Add a setup() step in the module and run an action script to set up fail2ban. Inside this action, first install the managed_packages and then configure fail2ban to work with firewalld actions instead of iptables. During upgrade from an older version of the module to a newer version, the setup process will run and the installation and setup operations will be performed.
- Add code so that when the checkbox is enabled, the fail2ban daemon is enabled, and when the checkbox is disabled, the fail2ban daemon is disabled.
- To upgrade older versions of Plinth to a newer version, the upgrade process for each module should run. However, it is the duty of Plinth itself to run upgrades (at least on essential packages). It is not implemented yet. Ignore this problem for this issue; it will be dealt with separately.
- Since this is an essential module, please build a new image with freedom-maker for one amd64 build and one armhf build to confirm that the setup() process works properly during image building.
PS: I thought this could be a beginner issue. But it is more like a "medium" level difficulty issue, so I removed the beginner tag.
Edited by Sunil Mohan Adapa
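The following sketch is an added example, not Plinth's code and not written by the issue author. It shows the two pieces the hints describe: a fail2ban drop-in that routes bans through firewalld, and the enable/disable commands behind the checkbox. The drop-in file name, the choice of `firewallcmd-ipset` among fail2ban's firewalld actions, and the explicit `sshd` jail are assumptions.

```python
"""Added example: fail2ban setup and checkbox handling (hypothetical names)."""
import configparser
import pathlib
import subprocess

# Assumption: hypothetical drop-in name; fail2ban reads jail.d/*.local.
DROP_IN = 'jail.d/freedombox.local'
# Assumption: the issue only says "firewalld"; firewallcmd-ipset is one of
# the firewalld actions shipped in fail2ban's action.d directory.
BANACTION = 'firewallcmd-ipset'


def build_jail_config():
    """Return a drop-in that sends bans to firewalld and enables the sshd jail."""
    config = configparser.ConfigParser(interpolation=None)
    config['DEFAULT'] = {'banaction': BANACTION}
    config['sshd'] = {'enabled': 'true'}  # assumption: SSH is the first jail
    return config


def write_jail_config(fail2ban_dir='/etc/fail2ban'):
    """Write the drop-in atomically so fail2ban never reads a partial file."""
    path = pathlib.Path(fail2ban_dir) / DROP_IN
    path.parent.mkdir(parents=True, exist_ok=True)
    temp = path.with_suffix('.tmp')  # ignored by fail2ban (not .conf/.local)
    with temp.open('w') as handle:
        build_jail_config().write(handle)
    temp.chmod(0o644)
    temp.replace(path)
    return path


def service_commands(enabled):
    """Return the systemctl calls matching the checkbox state."""
    if enabled:
        # restart (not start) so a running daemon picks up the new banaction
        return [['systemctl', 'enable', 'fail2ban'],
                ['systemctl', 'restart', 'fail2ban']]
    return [['systemctl', 'stop', 'fail2ban'],
            ['systemctl', 'disable', 'fail2ban']]


def apply_checkbox(enabled, run=subprocess.check_call):
    """Apply the checkbox state; 'run' is injectable for testing."""
    for command in service_commands(enabled):
        run(command)
```

After setup on a real system, `fail2ban-client get sshd actions` should list the firewalld action rather than an iptables one.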