implement full explicit ingress filtering on non-Local provider bootstrapping node
This is a tracking bug for a dependency of the juju MIR (bug #912861).
This is different from bug #966558 in that this bug implements explicit full ingress filtering on the bootstrapping node. This helps ensure that services started on the bootstrapping node can't be trampolined to more privileged juju access. Access might be something like:
* allow ping and 22/tcp from anywhere
* allow only ping, 22/tcp and 2181/tcp (zookeeper) from deployed nodes