Have iptables block network access until #sdwdate has succeeded. Reasons:
* cover cases where sdwdate is slow or failing
* catch race conditions where sdwdate is slower than a user starting a client program, server or daemon that already issued network traffic and leaked the time
Previously this was implemented in the form of the #timesync progress bar. But such a progress bar was bad for various reasons:
* not enforced, easily ignored
* does not stop automatically starting applications and/or the user from using the network
* a popup which is bad for usability
* two or more popups [when using multiple Whonix-Workstations] on the same desktop when using Qubes [due to its nature of using seamless mode]
A follow-up task of T300.
Implementation:
* after boot #whonix-gw-firewall / #whonix-ws-firewall should block the network for everything but Tor and #sdwdate
** should create a `/var/run/whonix_firewall/first_run_current_boot.status` file
** when Whonix firewall gets restarted and `/var/run/whonix_firewall/first_run_current_boot.status` already exists, it should unblock the network and create a status file `/var/run/whonix_firewall/consecutive_run.status`.
* after the first time synchronization has succeeded, sdwdate should trigger unlocking the network
** sdwdate could create a status file `/var/run/sdwdate/first_success.status`, then
** reload whonix_firewall
* enabled by default
* configuration options to disable all of this
* as a safeguard, all of this should still let the user allow network access even if one day sdwdate is permanently failing
* #sdwdate-gui should show the status of network time synchronization
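
The status-file handshake from the implementation list, as an added shell sketch (not Whonix code). The paths are the ones named above; the root prefix argument, the `TIMESYNC_BLOCK_ENABLED` switch, the `ALLOWED_USERS` variable and the account names `debian-tor` and `sdwdate` are assumptions, and rules are only printed, never applied.

```shell
#!/bin/sh
# Added sketch, not Whonix code. Status-file paths are the ones named in the task;
# $1 is a root prefix so the logic can be exercised in a scratch directory.
# Hypothetical names: TIMESYNC_BLOCK_ENABLED (the "disable" option), ALLOWED_USERS.
ALLOWED_USERS="${ALLOWED_USERS:-debian-tor sdwdate}"   # assumed account names

# Firewall side: decide the mode for this (re)load and record it. Prints the mode.
firewall_mode() (
    fw_dir="$1/var/run/whonix_firewall"
    mkdir -p "$fw_dir"
    if [ "${TIMESYNC_BLOCK_ENABLED:-1}" != "1" ]; then
        echo full                                    # feature switched off by the user
    elif [ -e "$fw_dir/first_run_current_boot.status" ]; then
        : > "$fw_dir/consecutive_run.status"         # any later reload unblocks
        echo full
    else
        : > "$fw_dir/first_run_current_boot.status"  # first load after boot: fail closed
        echo restricted
    fi
)

# sdwdate side: record the first successful sync, then reload the firewall.
sdwdate_first_success() (
    mkdir -p "$1/var/run/sdwdate"
    : > "$1/var/run/sdwdate/first_success.status"
    firewall_mode "$1"
)

# Print (never apply) the OUTPUT rules for a mode.
emit_rules() (
    echo "iptables -P OUTPUT DROP"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    if [ "$1" = restricted ]; then
        for u in $ALLOWED_USERS; do
            echo "iptables -A OUTPUT -m owner --uid-owner $u -j ACCEPT"
        done
        echo "iptables -A OUTPUT -j REJECT"
    else
        echo "# regular ruleset would be loaded here"
    fi
)

if [ "${1:-}" = "demo" ]; then   # run as: sh script.sh demo
    root=$(mktemp -d)
    emit_rules "$(firewall_mode "$root")"           # boot: restricted
    emit_rules "$(sdwdate_first_success "$root")"   # after sync: full
fi
```

Because every reload after the first one unblocks, a manual firewall reload doubles as the user's override when sdwdate never succeeds; the same property means any component that reloads the firewall before sdwdate finishes also lifts the block.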