dns/dnscrypt-proxy2: Add mac_portacl option in rc script

Description

dns/dnscrypt-proxy2: Add mac_portacl option in rc script

Version 2 of dnscrypt-proxy is written in Go and therefore isn't capable
of dropping privileges after binding to a low port on FreeBSD.

By default, this port's daemon will listen on port 5353 (TCP/UDP).

With this option it's possible to bind it and listen on port 53 (TCP/UDP)
with the mac_portacl(4) kernel module (network port access control policy).
For this, add dnscrypt_proxy_mac_portacl_enable=YES in your rc.conf.
The dnscrypt-proxy startup script will load mac_portacl and add a rule
where the %%USER%% user will be able to bind on port 53 (TCP/UDP). This port
can be changed by the dnscrypt_proxy_mac_portacl_port variable in your rc.conf.
You also need to change the dnscrypt-proxy config file to use port 53.

Suggested by: feld
Approved by: egypcio@googlemail.com (maintainer)
Differential Revision: https://reviews.freebsd.org/D15151
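
A check an administrator might run after enabling the option, added here as an example (it is not code from the port's rc script): it parses a mac_portacl(4) rule string and confirms that only the daemon's uid may bind the chosen port on both TCP and UDP. The uid 1053, the function name and the sample rule strings are constructed; on FreeBSD the live string comes from `sysctl -n security.mac.portacl.rules`.

```sh
#!/bin/sh
# Added example: audit a mac_portacl(4) rule string, whose format is
# idtype:id:protocol:port[,idtype:id:protocol:port ...].

# portacl_audit RULES UID PORT   (hypothetical helper, not part of the port)
# Prints one finding per line. Returns 0 only when UID may bind PORT over
# both tcp and udp and no other id has been granted that port.
portacl_audit() {
    rules=$1; want_uid=$2; want_port=$3
    have_tcp=0; have_udp=0; status=0
    old_ifs=$IFS
    set -f                          # no pathname expansion while splitting
    IFS=,
    for rule in $rules; do
        IFS=:
        set -- $rule                # split one rule into its four fields
        IFS=,
        if [ $# -ne 4 ]; then
            echo "MALFORMED: $rule"; status=1; continue
        fi
        [ "$4" = "$want_port" ] || continue
        if [ "$1" = uid ] && [ "$2" = "$want_uid" ]; then
            case $3 in
                tcp) have_tcp=1 ;;
                udp) have_udp=1 ;;
            esac
        else
            echo "EXTRA: $1 $2 may also bind $3/$4"; status=1
        fi
    done
    IFS=$old_ifs
    set +f
    [ "$have_tcp" -eq 1 ] || { echo "MISSING: uid $want_uid tcp/$want_port"; status=1; }
    [ "$have_udp" -eq 1 ] || { echo "MISSING: uid $want_uid udp/$want_port"; status=1; }
    [ "$status" -eq 0 ] && echo "OK: only uid $want_uid may bind tcp/udp port $want_port"
    return "$status"
}

# Constructed samples; uid 1053 is a placeholder for the daemon's uid.
good="uid:1053:tcp:53,uid:1053:udp:53"
bad="uid:1053:tcp:53,gid:0:udp:53,uid:1053:udp:5353"
portacl_audit "$good" 1053 53
portacl_audit "$bad" 1053 53 || echo "rule set needs attention"
```
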

Details

Provenance
dbaio Authored on
Differential Revision
D15151: dns/dnscrypt-proxy2: Add mac_portacl option in rc script
Parents
rP468171: www/gitlab-pages: fix rc script