git.ipfire.org Git - thirdparty/nftables.git/commit
Warn for tables with compat expressions in rules
author: Phil Sutter <phil@nwl.cc>
Tue, 11 Oct 2022 16:46:55 +0000 (18:46 +0200)
committer: Phil Sutter <phil@nwl.cc>
Fri, 18 Nov 2022 14:50:24 +0000 (15:50 +0100)
commit: c327e9331e50d7b4d6cfd0a82fb38bec73703bfb
tree: dcfac81d4ae15a21ddacbc1edc7a9d4530b86d46
parent: 4521732ebbf34573062d2cad2f74b98910ea1c5b
Warn for tables with compat expressions in rules

While being able to "look inside" compat expressions using nft is a nice
feature, it is also (yet another) pitfall for unaware users, deceiving
them into assuming interchangeability (or at least compatibility)
between iptables-nft and nft.

In reality, which involves 'nft list ruleset | nft -f -', any correctly
translated compat expressions will turn into native nftables ones not
understood by (the version of) iptables-nft which created them in the
first place. Other compat expressions will vanish, potentially
compromising the firewall ruleset.

Emit a warning (as comment) to give users a chance to stop and
reconsider before shooting their own foot.

Signed-off-by: Phil Sutter <phil@nwl.cc>
include/rule.h
src/rule.c
src/xt.c
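A pre-reload check for the pitfall the commit message describes, added here as an example and not part of this commit or of the nftables code base: it scans a saved ruleset dump for iptables-nft compat expressions before the dump is fed back with 'nft -f -'. It assumes nft renders such expressions as `xt match "..."` / `xt target "..."` and works on a constructed sample dump.

```shell
#!/bin/sh
# Added example, not nftables code. Assumption: nft prints compat expressions
# as 'xt match "name"' or 'xt target "name"' inside a rule line.

# Constructed sample of 'nft list ruleset' output with two compat expressions.
SAMPLE_RULESET='table ip filter {
	chain INPUT {
		type filter hook input priority filter; policy accept;
		xt match "conntrack"
		counter packets 0 bytes 0 xt target "REJECT"
	}
}
table ip nat {
	chain POSTROUTING {
		type nat hook postrouting priority srcnat; policy accept;
		oifname "eth0" masquerade
	}
}'

COMPAT_RE='(^|[[:space:]])xt (match|target)( |$)'

# Print (with line numbers) every rule line carrying a compat expression.
# Exit status is 0 when at least one was found, 1 otherwise.
find_compat_exprs() {
	printf '%s\n' "$1" | grep -nE "$COMPAT_RE"
}

# Print the number of compat expressions in a ruleset dump.
count_compat_exprs() {
	n=$(printf '%s\n' "$1" | grep -cE "$COMPAT_RE" || true)
	printf '%s\n' "$n"
}

# Refuse to round-trip a dump that still contains compat expressions:
# reloading it with 'nft -f -' would translate them into native nftables
# expressions iptables-nft cannot read, or drop them outright.
check_ruleset() {
	if find_compat_exprs "$1" >/dev/null; then
		echo "compat expressions present; do not reload this dump with 'nft -f -'" >&2
		return 1
	fi
	return 0
}
```

In practice the dump comes from `nft list ruleset`; pass its output to `check_ruleset` and only pipe it into `nft -f -` when the check returns 0.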