rc.d: add a service jails config to all base system services

This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
service jail.

The sshd patch is important for the sshd-related functionality as
described in the man-page in the service jails part.

The location of the added env vars is supposed to allow overriding them
in rc.conf, and to hard-disable the use of svcj for some parts where it
doesn't make sense or will not work.

Only a subset of all of the services are fully tested (I'm running this
since more than a year with various services started as service jails).
The untested parts should be most of the time ok, in some edge-cases
more permissions are needed inside the service jail.
Differential Revision: https://reviews.freebsd.org/D40371

Remove $FreeBSD$: one-line sh pattern

Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/

rc.d/netif: Don't DAD if lo0 is the only IPv6 IF

The code in rc.d/netif waiting for IPv6 Duplicate Address Detection if
any network interfaces support IPv6. Unfortunately, since lo0 *always*
has IPv6 enabled, this means unconditionally sleeping, even on systems
which have no external IPv6 interfaces.

Since we presume that there is little risk of a duplicate address being
assigned on lo0, amend the test to wait only if there is an interface
*other than lo0* which supports IPv6.

Reviewed by: bz
Differential Revision: https://reviews.freebsd.org/D40141

rc.d/*: Use startmsg instead of echo on start messages

By rc.conf(5), setting rc_startmsgs="NO" should silence start messages.

Fix a few rc scripts by using startmsg.

PR: 255207
Reported by: Jose Luis Duran <jlduran@gmail.com>
Reviewed by: imp, 0mp
Approved by: imp (src)
Differential Revision: https://reviews.freebsd.org/D34514

Retire synchronous PPP kernel driver sppp(4).

The last two drivers that required sppp are cp(4) and ce(4).

These devices are still produced and can be purchased
at Cronyx <http://cronyx.ru/hardware/wan.html>.

Since Roman Kurakin <rik@FreeBSD.org> has quit them, they no
longer support FreeBSD officially. Later they have dropped
support for Linux drivers to. As of mid-2020 they don't even
have a developer to maintain their Windows driver. However,
their support verbally told me that they could provide aid to
a FreeBSD developer with documentaion in case if there appears
a new customer for their devices.

These drivers have a feature to not use sppp(4) and create an
interface, but instead expose the device as netgraph(4) node.
Then, you can attach ng_ppp(4) with help of ports/net/mpd5 on
top of the node and get your synchronous PPP. Alternatively
you can attach ng_frame_relay(4) or ng_cisco(4) for HDLC.
Actually, last time I used cp(4) back in 2004, using netgraph(4)
instead of sppp(4) was already the right way to do.

Thus, remove the sppp(4) related part of the drivers and enable
by default the negraph(4) part. Further maintenance of these
drivers in the tree shouldn't be a big deal.

While doing that, remove some cruft and enable cp(4) compilation
on amd64. The ce(4) for some unknown reason marks its internal
DDK functions with __attribute__ fastcall, which most likely is
safe to remove, but without hardware I'm not going to do that, so
ce(4) remains i386-only.

Reviewed by: emaste, imp, donner
Differential Revision: https://reviews.freebsd.org/D32590
See also: https://reviews.freebsd.org/D23928

Follow-up on 51da4b19be1. When booting a system with WITHOUT_IPFILTER
the following warning printed at boot time:

rcorder: requirement `ipfs' in file `/etc/rc.d/netif' has no providers.

Close that using BEFORE rather than REQUIRE for writing down
dependencies of optional components.

Revert r366857.

r366857 created a number of problems, tearing down interfaces too
early in shutdown. This resulted in:

- hung ssh sessions when shutting down or rebooting remotely using
shutdown (I've used exec shutdown, for years, as apposed to simply
shutdown).

- NFS mounted filesystems "disappear" prior to unmount.

- dhclient attached to a VLAN on an interface who's parent interface
has already shut down prints errors.

The path forward is to teach lagg(4) and vlan(4) about WOL.

PR: 251531, 251540
PR: 158734, 109980 are broken again
Reported by: jhb, emaste, jtl, Helge Oldach<freebsd_oldach.net>
Martin Birgmeier <d8zNeCFG_aon.at>
MFC after: Immediately
Discussion at: https://reviews.freebsd.org/D27459

Destroy cloned interfaces at netif stop, netif restart and shutdown.
This is especially important during shutdown because a child interface
of lagg with WOL enabled will not enable WOL at interface shutdown and
thus no WOL to wake up the device (and machine).

PR: 158734, 109980
Reported by: Antonio Huete Jimenez <tuxillo at quantumachine.net>
Marat N.Afanasyev <marat at zealot.ksu.ru>
reviewed by: kp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D26797

When booting a system with WITHOUT_IPFILTER the following errors
are encountered at boot time:

rcorder: requirement `ipfs' in file `/etc/rc.d/netif' has no providers.
rcorder: requirement `ipfilter' in file `/etc/rc.d/netif' has no
providers.
rcorder: requirement `ipfilter' in file `/etc/rc.d/netwait' has no
providers.
rcorder: requirement `ipfilter' in file `/etc/rc.d/net_watchdog' has no
providers.
rcorder: requirement `ipfilter' in file `/etc/rc.d/securelevel' has no
providers.

Listing its own requrements in BEFORE rather than use REQUIRE of
non-optional scripts resolves this issue.

The issue was discovered and patched by glebius at Netflix.

Submitted by: glebius
Reported by: glebius
MFC after: 1 week

Move the rc framework out of sbin/init into libexec/rc.

The reasons for this are forward looking to pkgbase:
* /sbin/init is a special binary; try not to replace it with
every package update because an rc script was touched.
(a follow-up commit will make init its own package)
* having rc in its own place will allow more easy replacement
of the rc framework with alternatives, such as openrc.

Discussed with: brd (during BSDCam), kmoore
Requested by: cem, bz
PR: 231522
Approved by: re (gjb)