local.m4, etc.: Establish `inbound-untrusted' chain and deploy.

Quite a lot of the per-host files involve allowing local untrusted
access to various services.  This was being done with explicit network
address ranges, which led to repetition of the rules for IPv4 and IPv6,
or only permitting access through IPv4.

Instead, introduce a new chain (actually promoted from `vampire.m4') for
these local untrusted clients and replace the explicit address ranges.