Bug in iptables firewall prevents the client from effectively using 53/udp as a remote
EDIT: original title was: "exclude rewriting IPv4 packets on port 53 for the openvpn process ID"
In order to allow bitmask-vpn to establish connections on port 53 (currently that's filtered out), we need to adapt the iptables rules.
E.g. to the line

    ip4tables("-t", "nat", "--append", BITMASK_CHAIN_NAT_OUT, "-p", "udp",
              "--dport", "53", "--jump", "DNAT", "--to",
              NAMESERVER + ":53")

we need to add the following command line arguments:

    ! --pid-owner $OPENVPN_PID
bitmask-root needs to be passed, or to figure out, the openvpn PID.
Similar approach for the qubes firewall rules.
Edited by atanarjuat tfr
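The rule change described in this issue, written out as an added example (not bitmask-root's own code) in Python to match the call syntax quoted above. The function name, the constant values and the uid/gid variants are assumptions made for illustration; the sketch shows where `-m owner` and the `!` negation have to sit in the argument list so that the excluded process keeps its original port-53 destination.

```python
import ipaddress

# Assumed placeholder values: the issue names these constants but not their contents.
BITMASK_CHAIN_NAT_OUT = "bitmask-nat-out"
NAMESERVER = "10.42.0.1"

# Options of the iptables "owner" match. --pid-owner is what the issue proposes;
# the kernel's owner match dropped it in 2.6.14, so current kernels only accept
# the uid/gid forms (they need openvpn to run under a dedicated user or group).
OWNER_OPTIONS = {"pid": "--pid-owner", "uid": "--uid-owner", "gid": "--gid-owner"}


def dns_redirect_rule(nameserver, exclude_kind=None, exclude_id=None):
    """Build the argument list for the port-53 DNAT rule.

    When exclude_kind/exclude_id are given, packets created by that owner
    do not match the rule and so are not rewritten to the VPN nameserver.
    """
    # Reject anything that is not a literal IPv4 address before it reaches iptables.
    ipaddress.IPv4Address(nameserver)

    args = ["-t", "nat", "--append", BITMASK_CHAIN_NAT_OUT,
            "-p", "udp", "--dport", "53"]

    if exclude_kind is not None:
        if exclude_kind not in OWNER_OPTIONS:
            raise ValueError("unknown owner kind: %r" % (exclude_kind,))
        owner = int(exclude_id)  # PIDs, UIDs and GIDs are non-negative integers
        if owner < 0:
            raise ValueError("owner id must be non-negative")
        # The match module must be loaded with -m owner; "!" negates the
        # option that follows it.
        args += ["-m", "owner", "!", OWNER_OPTIONS[exclude_kind], str(owner)]

    args += ["--jump", "DNAT", "--to", nameserver + ":53"]
    return args


if __name__ == "__main__":
    # 1234 is a constructed PID standing in for $OPENVPN_PID.
    print(" ".join(["iptables"] + dns_redirect_rule(NAMESERVER, "pid", 1234)))
```

The owner match only sees locally generated packets, so the rule has to be reached from the OUTPUT (or POSTROUTING) hook.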