This adds an IsConnected method to verify if a container is already connected to a network with the expected IP, preventing redundant operations. In reconcileIPs, it skips reconnections if the state is correct. In applyNATRule, MASQUERADE is now applied in the same namespace as DNAT (container or host) for consistent and accurate rule application.
Implement FindContainerName method on DockerAPI that attempts exact match
first, then falls back to prefix-based matching (e.g., extracting prefix
before dash like "service-" in "service-abc") to replicate the old shell
script's `grep $D"-"` behavior. Update firewall orchestrator to use this
resolution before connecting containers to networks, improving robustness
when container names vary from configured selectors.
