sentinel-dynfw-client: fix race condition causing error and missing rule

On package installation the uci_default is run before service start. As the last step in uci_default the Firewall is reloaded but rule inject fails due to missing ipset. In normal operation the sentinel-dynfw-client is started before firewall but during installation this can't be done.

The solution is to just create ipset anytime we start firewall. This makes it so rules is always added and it really doesn't matter who creates the ipset. With this either sentinel-dynfw-client creates it or firewall, which ever comes first.