Implement FindContainerName method on DockerAPI that attempts exact match
first, then falls back to prefix-based matching (e.g., extracting prefix
before dash like "service-" in "service-abc") to replicate the old shell
script's `grep $D"-"` behavior. Update firewall orchestrator to use this
resolution before connecting containers to networks, improving robustness
when container names vary from configured selectors.
Downgrade the IP forwarding failure from an error to a warning,
as this is expected in containers with a read-only filesystem.
IP forwarding should be set at the host level, not inside a container.
Update comments to reflect this expectation and improve log clarity.
The previous logic stripped dashes from both the lookup name and container/selector names, performing an exact match after removal. This failed for cases like "wireguardproxy-client" matching "wireguardproxyclient" or "app-1"/"app-2" matching "app-x", because the dash removal produced different strings.
Change to extract the prefix before the first dash in the lookup name, then match it against the beginning of container/selector names. This preserves the intended relationship while allowing matching of dashed variants with prefix-based patterns.
Instead of prefix matching on the part before the first dash, now strip
all dashes from both the lookup name and the stored container/selector
names and compare exactly. This improves matching accuracy for names
containing multiple dashes or dashes in varying positions.
