
feat: proxy networking mode #1

@razvanz


Add network.mode = "proxy" that runs a forward proxy on the host TAP interface. The VM routes all HTTP/HTTPS through it via HTTP_PROXY/HTTPS_PROXY env vars. Host-side nftables blocks direct egress that bypasses the proxy.

Why: The current filtered mode operates at L3/L4 (domain allowlist via split-DNS + nftables). It cannot distinguish HTTP methods or URL paths — if github.com is allowed, both git clone and exfiltration via public Gist are permitted. A proxy enables L7 filtering: allow GET but block POST to the same domain.

Proposed config:

{
  network = {
    mode = "proxy";
    proxy.rules = [
      { host = "github.com"; methods = ["GET"]; }
      { host = "github.com"; methods = ["POST"]; pathPrefix = "/acme/"; }
      { host = "repo.nexus.com"; methods = ["GET" "HEAD"]; }
      { host = "api.anthropic.com"; }
    ];
  };
}

Scope:

  • Start with domain-only filtering (CONNECT/SNI) — no MITM, no CA cert injection
  • Full L7 (method + path on HTTPS) as follow-up requiring MITM + CA trust store config
  • Proxy logs every request to ~/.nixbox/logs/<project>/proxy.log
  • Follows same lifecycle as dnsmasq: started in do_create, PID in state dir, killed in do_destroy
  • Should work with nixbox network reload (see #2, feat: hot-reload network settings without VM restart)
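Added example, not code from this issue or from nixbox: a policy evaluator for the proposed rule schema with the two decision points the scope describes. At the CONNECT/SNI stage only the hostname is visible, so a tunnel is admitted if any rule names the host; method and pathPrefix can only be enforced at the L7 stage (plain HTTP, or HTTPS once MITM is in place). Field names come from the proposed config; exact (non-wildcard) hostname matching is an assumption.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    """One entry of proxy.rules; field names mirror the proposed config."""
    host: str
    methods: Optional[List[str]] = None  # None: any method
    pathPrefix: str = ""                 # "": any path


# Constructed rule set, transcribed from the proposed config above.
RULES = [
    Rule("github.com", ["GET"]),
    Rule("github.com", ["POST"], "/acme/"),
    Rule("repo.nexus.com", ["GET", "HEAD"]),
    Rule("api.anthropic.com"),
]


def _norm_host(host: str) -> str:
    return host.lower().rstrip(".")


def host_allowed(rules: List[Rule], host: str) -> bool:
    """CONNECT / SNI stage: decide on the hostname alone (assumes exact
    match, so a subdomain such as gist.github.com is not covered by a
    github.com rule). Method and path are not visible here."""
    host = _norm_host(host)
    return any(r.host == host for r in rules)


def request_allowed(rules: List[Rule], host: str, method: str, path: str) -> bool:
    """L7 stage: allowed only if one rule matches host, method and path
    prefix together. Rules are allow-only; no match means deny."""
    host, method = _norm_host(host), method.upper()
    for r in rules:
        if r.host != host:
            continue
        if r.methods is not None and method not in r.methods:
            continue
        if not path.startswith(r.pathPrefix):
            continue
        return True
    return False


def log_line(host: str, method: str, path: str, allowed: bool) -> str:
    """One record per decision, in the shape proxy.log could carry."""
    return f"{method.upper()} {_norm_host(host)}{path} {'ALLOW' if allowed else 'DENY'}"
```

Note that with domain-only filtering a POST to github.com outside /acme/ still passes the CONNECT check, which is exactly the gap the follow-up MITM step is meant to close.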
