We don't need the final drop rule anymore

Once we switch the FirewallEngine to nftables, we won't need the final
"drop" rule, since it the INPUT chain policy is "drop".

Depends-On: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/852808
Change-Id: I91f2a26ee8197764804af07c5e93f01e0564137f

tripleo_ansible/roles/tripleo_firewall/defaults/main.yml

@@ -71,7 +71,7 @@ tripleo_firewall_default_rules:
     state:
       - NEW
     destination: 'fe80::/64'
-  '998 log all':
+  '999 log all':
     proto: all
     jump: LOG
     limit: 20/min
@@ -80,6 +80,3 @@ tripleo_firewall_default_rules:
     nft_flags: 'all'
     nft_prefix: 'DROPPING: '
     state: []
-  '999 drop all':
-    proto: all
-    action: drop

tripleo_ansible/roles/tripleo_firewall/molecule/nftables/converge.yml

@@ -20,3 +20,8 @@
   roles:
     - role: "tripleo_firewall"
       tripleo_firewall_engine: 'nftables'
+  tasks:
+    - name: Clean everything nftables related
+      import_role:
+        name: tripleo_nftables
+        tasks_from: cleanup.yaml

tripleo_ansible/roles/tripleo_nftables/defaults/main.yml

@@ -58,8 +58,4 @@ tripleo_nftables_rules:
       flags: 'all'
       prefix: 'DROPPING: '
       state: []
-    rule_name: 998 log all
+    rule_name: 999 log all
-  - rule:
-      action: drop
-      proto: all
-    rule_name: 999 drop all