Ban list should implement subnet set arithmetic #10325

@omurad

Problem

monerod’s current ban list implementation does not properly handle IP subnets.

  • Banning a larger subnet (e.g. 172.16.0.0/12) and then attempting to unban with a smaller subnet (e.g. 172.16.1.0/24) does not correctly remove the larger subnet from the list.
  • Unbanning all IPs via monerod unban 0.0.0.0/0 does not work.
  • No easy way to ban/unban all IPs (e.g. for testing/debugging, temporarily disabling p2p traffic, recovering from misconfig, etc.)

Example of the issue:

# Ban 172.16.0.0/12 subnet
$ monerod ban 172.16.0.0/12
Monero 'Fluorine Fermi' (v0.18.4.5-release)

# Unban a subset of the above subnet
$ monerod unban 172.16.1.0/24
Monero 'Fluorine Fermi' (v0.18.4.5-release)

# Validate unban
$ monerod banned 172.16.1.1
Monero 'Fluorine Fermi' (v0.18.4.5-release)
172.16.1.1 is banned for 86359 seconds # Still banned

# Unban all
$ monerod unban 0.0.0.0/0
Monero 'Fluorine Fermi' (v0.18.4.5-release)

# Validate unban
$ monerod banned 172.16.1.1
Monero 'Fluorine Fermi' (v0.18.4.5-release)
172.16.1.1 is banned for 86338 seconds # Still banned

Expected behavior

Subnet ban/unban operations should respect proper subnet set arithmetic:

  • If a broad subnet (e.g. 172.16.0.0/12) is banned, it should implicitly ban all subnets within it.
  • If a subnet is unbanned that overlaps a previously banned larger subnet, the implementation should correctly recompute the resulting ban set.
  • Unbanning <any-ip>/0 should remove all bans.
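
The recomputation listed under "Expected behavior", sketched as an added example that is not part of the original issue and is not monerod's code. It covers IPv4 only; the `Subnet` type and the `ip`, `mask`, `contains`, `is_banned` and `unban` helpers are hypothetical names chosen for illustration.

```cpp
// Added example: IPv4 subnet subtraction for a ban set. Not monerod's code.
#include <cstdint>
#include <cstdio>
#include <set>
#include <tuple>
#include <vector>

struct Subnet {     // hypothetical type: network address + prefix length
    uint32_t addr;  // host byte order
    int prefix;     // 0..32
    bool operator<(const Subnet& o) const {
        return std::tie(addr, prefix) < std::tie(o.addr, o.prefix);
    }
};

uint32_t ip(uint32_t a, uint32_t b, uint32_t c, uint32_t d) { return a << 24 | b << 16 | c << 8 | d; }
uint32_t mask(int p) { return p == 0 ? 0 : ~uint32_t(0) << (32 - p); }

// True when `inner` lies entirely within `outer`.
bool contains(const Subnet& outer, const Subnet& inner) {
    return outer.prefix <= inner.prefix && ((outer.addr ^ inner.addr) & mask(outer.prefix)) == 0;
}

bool is_banned(const std::set<Subnet>& bans, uint32_t addr) {
    for (const Subnet& b : bans) if (contains(b, Subnet{addr, 32})) return true;
    return false;
}

// Subtract `hole` from the ban set. Bans inside the hole are dropped; a ban that
// covers the hole is replaced by the CIDR blocks that make up (ban minus hole).
void unban(std::set<Subnet>& bans, Subnet hole) {
    hole.addr &= mask(hole.prefix);  // normalise to the network address
    std::vector<Subnet> remainder;
    for (auto it = bans.begin(); it != bans.end();) {
        bool inside_hole = contains(hole, *it);
        bool covers_hole = !inside_hole && contains(*it, hole);
        if (covers_hole)  // keep the sibling block at each level between ban and hole
            for (int p = it->prefix + 1; p <= hole.prefix; ++p)
                remainder.push_back(Subnet{(hole.addr & mask(p)) ^ (uint32_t(1) << (32 - p)), p});
        if (inside_hole || covers_hole) it = bans.erase(it); else ++it;
    }
    bans.insert(remainder.begin(), remainder.end());
}

int main() {
    std::set<Subnet> bans;
    bans.insert(Subnet{ip(172, 16, 0, 0), 12});
    unban(bans, Subnet{ip(172, 16, 1, 0), 24});
    std::printf("172.16.1.1 banned: %d, 172.16.2.1 banned: %d, entries: %zu\n",
                is_banned(bans, ip(172, 16, 1, 1)), is_banned(bans, ip(172, 16, 2, 1)), bans.size());
}
```

Subtracting a /24 from a /12 leaves twelve blocks (one each at /13 through /24), so ban expiry times would need to be copied onto every resulting entry.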
