bridge, del: timeout after 55 secs of trying to list rules

Making sure the exec'ed nft command is executed in 55 secs allows for
CNI to fail early, thus preventing CRI from sending another CNI DEL
while the previous NFT call is still being processed.

This fix prevents part of the behavior described in [0], in which:
> cnv-bridge and nft comes pile up in a loop, increasing every 60, never
completes

The timeout had to be less than 60 seconds (otherwise CRI would still
trigger CNI DEL again) but large enough for this feature to have a
chance of working on older kernels (e.g. centOS 8), where it takes
longer to access even a specific chain/table.

Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>

pkg/link/spoofcheck.go

@@ -15,8 +15,10 @@
 package link
 
 import (
+	"context"
 	"fmt"
 	"os"
+	"time"
 
 	"github.com/networkplumbing/go-nft/nft"
 	"github.com/networkplumbing/go-nft/nft/schema"
@@ -46,7 +48,10 @@ func (dnc defaultNftConfigurer) Apply(cfg *nft.Config) error {
 }
 
 func (dnc defaultNftConfigurer) Read(filterCommands ...string) (*nft.Config, error) {
-	return nft.ReadConfig(filterCommands...)
+	const timeout = 55 * time.Second
+	ctxWithTimeout, cancelFunc := context.WithTimeout(context.Background(), timeout)
+	defer cancelFunc()
+	return nft.ReadConfigContext(ctxWithTimeout, filterCommands...)
 }
 
 func NewSpoofChecker(iface, macAddress, refID string) *SpoofChecker {