[dbip] Performance improvement #25

Closed
chr0mag opened this issue Jan 9, 2022 · 0 comments · Fixed by #27
Labels
enhancement New feature or request
chr0mag (Owner) commented Jan 9, 2022

The dbip data is provided as ranges of IP addresses -- not CIDR subnets. While nftables does support this format (known as intervals), the hash:net set type from ipset does not, so the ranges must be converted to CIDR notation first. It is possible to store IP ranges in the ipset bitmap:ip set type, but this has a fixed size entry of 65536, which is smaller than some of the country sets.

Since nftables supports CIDR notation as well, for simplicity the conversion is currently done regardless of which firewall type is provided - but the conversion is expensive.

maxmind provides data in CIDR notation, so no conversion is needed. This is the source of the better performance for maxmind (~3s) vs. dbip (~11s).

  1. Update the dbip logic to avoid conversion if only the nftables firewall type is requested.
  2. For the iptables firewall type, investigate whether dbip ranges can be provided as is to the ipset bitmap:ip set type. If so, update the dbip logic to use this set type for any sets with fewer than 65536 entries and only use the hash:net set type (which requires conversion) for larger sets.
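Added illustration (not code from the issue or from the project): the two output paths the issue contrasts, using Python's standard `ipaddress` module. The sample CSV is constructed in the dbip `start,end,country` layout with private addresses and made-up country codes. The nftables path emits the ranges unchanged as an interval set; the ipset hash:net path expands each range into the minimal list of CIDR blocks, which is the conversion step the issue calls expensive. `address_count` applies the 65536 threshold from item 2 of the issue as a plain count; whether bitmap:ip can actually hold a given country set is the open question the issue asks to investigate, and this code does not answer it.

```python
import ipaddress

# Constructed sample in the dbip CSV layout (start,end,country); not real dbip data.
SAMPLE_DBIP_CSV = """\
10.0.0.0,10.0.0.255,XX
10.0.1.0,10.0.3.255,XX
192.168.10.5,192.168.10.9,YY
"""

# bitmap:ip limit quoted in the issue; used here only as a count threshold.
BITMAP_IP_MAX = 65536


def parse_ranges(csv_text):
    """Return a list of (start, end, country) from dbip-style lines."""
    ranges = []
    for line in csv_text.splitlines():
        line = line.strip()
        if not line:
            continue
        start, end, cc = line.split(",")
        ranges.append((ipaddress.ip_address(start), ipaddress.ip_address(end), cc))
    return ranges


def nft_elements(ranges, country):
    """nftables interval elements: the dbip ranges are used as-is, no conversion."""
    return [f"{s}-{e}" for s, e, cc in ranges if cc == country]


def nft_set_definition(country, ranges):
    """Render an nftables set with 'flags interval' so ranges are accepted directly."""
    elems = ", ".join(nft_elements(ranges, country))
    return (f"set {country} {{ type ipv4_addr; flags interval; "
            f"elements = {{ {elems} }} }}")


def range_to_cidrs(start, end):
    """Expand one inclusive range into the minimal list of CIDR blocks."""
    return [str(n) for n in ipaddress.summarize_address_range(start, end)]


def hash_net_entries(ranges, country):
    """ipset hash:net entries: every range must be converted to CIDR first."""
    entries = []
    for s, e, cc in ranges:
        if cc == country:
            entries.extend(range_to_cidrs(s, e))
    return entries


def ipset_restore_script(country, ranges):
    """Lines in 'ipset restore' format for a hash:net set of the converted blocks."""
    lines = [f"create {country} hash:net family inet"]
    lines += [f"add {country} {cidr}" for cidr in hash_net_entries(ranges, country)]
    return lines


def address_count(ranges, country):
    """Total number of addresses in a country's ranges (the issue's 65536 check)."""
    return sum(int(e) - int(s) + 1 for s, e, cc in ranges if cc == country)


def under_bitmap_limit(ranges, country):
    return address_count(ranges, country) <= BITMAP_IP_MAX


if __name__ == "__main__":
    rs = parse_ranges(SAMPLE_DBIP_CSV)
    for cc in ("XX", "YY"):
        print(nft_set_definition(cc, rs))
        print("\n".join(ipset_restore_script(cc, rs)))
        print(f"{cc}: {address_count(rs, cc)} addresses, "
              f"{len(hash_net_entries(rs, cc))} CIDR blocks after conversion")
```

Run it as a script to see both outputs side by side; the YY range of five addresses becomes three CIDR blocks, which is the kind of expansion that makes the conversion step cost more than passing ranges straight to nftables.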