When an interface is moving to/from jail, it is still attached to bpf
and the consumers, tcpdump(1) e.g., do not get noticed. That is
counterintuitive and may leak informations ( sniffer traffic in parent
jail/vnet ).
Add a departure handler to cope with that.
Currently this handler has overlap with bpfdetach(), as on destroying
an interface the bpfdetach() is invoked prior to if_detach(), then it
does nothing as bpfdetach() has detached descriptors already.
I'm planning to revise the order to attaching bpf / attaching interface
and detaching interface / detaching bpf. There may be still 3rd party
drivers insist old ordering so the overlap may exist for quite a long
time.
MFC after: 1 week