docker-ce: add device option to expand interface blocking

docker-ce: add device option to expand interface blocking

If docker-ce handles the firewall and fw3 is not envolved because the
rules get not proceed, then not only docker0 should be handled but also
other interfaces and therefore other docker networks.

This commit extends the handling and introduces a new uci option
`device` in the docker config firewall section. This can be used to specify
which device is allowed to access the container. Up to now only docker0
is covert.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>