Suricata: NFQUEUE, separated ET rules and pakon-dev-detect data source change
This merge request mainly changes the suricata data input method to NFQUEUE. The init/fw script is heavily inspired by the pakon-guts init/fw script.
Other things include:
- separating emergingthreats rules (their loading and updating) from the `suricata` base package (`suricata-emergingthreats-rules`)
- embedding the suricata config file in the package (instead of using `sed` in the Makefile) + some fine tuning (turning bypass on, preparing include_dir to allow integrating other packages)
- moving pakon-dev-detect to get data from `suricata` instead of `pakon-guts` (+ dropping the dependency on `pakon-guts`).
I would like this to get merged as soon as possible to allow some testing from others. Suricata is probably not used by anyone except a few developers, so these changes themselves don't matter much, but `pakon-dev-detect` is kind-of public (but marked as experimental), that's why I'm asking for review. I have been testing (and polishing) all these things for a few days and they seem to be working well.
`pakon-dev-detect` backend changes are in the related merge request turris/pakon-dev-detect!4 (merged).
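For readers unfamiliar with the NFQUEUE input method this merge request switches to, the following is an added illustration of the plumbing an init/fw script of this kind has to do. It is not the script from this merge request nor any turris project code; the queue number, the FORWARD chain, the config path and the function names are assumptions made for the example. The firewall diverts forwarded packets into a netfilter queue and Suricata binds to that queue with `-q`, so Suricata sees (and can verdict) the traffic inline rather than sniffing a copy of it.

```shell
#!/bin/sh
# Added example, not the turris/suricata init/fw script.
# Queue number, chain and config path below are assumptions.

NFQ_NUM="${NFQ_NUM:-0}"
SURICATA_CONF="${SURICATA_CONF:-/etc/suricata/suricata.yaml}"

# Print the iptables commands that divert FORWARD traffic into NFQUEUE.
# --queue-bypass is the netfilter fail-open switch: when no program is bound
# to the queue (Suricata stopped or crashed) packets are accepted instead of
# dropped, so the router keeps forwarding.  This is a different thing from
# Suricata's own stream "bypass" setting mentioned in the description.
nfq_rules() {
    printf 'iptables -I FORWARD -j NFQUEUE --queue-num %s --queue-bypass\n' "$NFQ_NUM"
    printf 'ip6tables -I FORWARD -j NFQUEUE --queue-num %s --queue-bypass\n' "$NFQ_NUM"
}

# Matching removal commands for the stop path (same rules, -I becomes -D).
nfq_rules_remove() {
    nfq_rules | sed 's/ -I / -D /'
}

# The Suricata invocation that binds to the same queue, daemonised (-D).
suricata_cmd() {
    printf 'suricata -c %s -q %s -D\n' "$SURICATA_CONF" "$NFQ_NUM"
}

# Run every command printed by the given generator function.
# DRY_RUN=1 only echoes them, which is handy for checking the rule set.
apply() {
    gen="$1"
    "$gen" | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "$cmd"
        else
            sh -c "$cmd"
        fi
    done
}

# Stopping the Suricata process itself is left to the init system here;
# this script only manages the queue rules and the start command.
case "${1:-}" in
    start) apply nfq_rules; sh -c "$(suricata_cmd)" ;;
    stop)  apply nfq_rules_remove ;;
    show)  DRY_RUN=1 apply nfq_rules; suricata_cmd ;;
esac
```

Running `sh nfq-example.sh show` prints the rules and the Suricata command without touching the firewall; the order matters on `start` (rules first, then Suricata), and because of `--queue-bypass` the window between the two does not drop traffic.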