iptables: DNAT rule for aardvark-dns on non-standard port is never reached if a container has a port forward for 53 #1079

Closed
dev-zero opened this issue Sep 18, 2024 · 0 comments · Fixed by #1080
dev-zero commented Sep 18, 2024

  1. Start a container with -p 53:53/udp
  2. Create a non-internal bridge network (non-internal due to "No DNS in internal networks when dns_port is not set to 53" #1051)
  3. Create a container on that network

The result is this:

Chain NETAVARK-HOSTPORT-DNAT (2 references)
 pkts bytes target     prot opt in     out     source               destination
    3   192 NETAVARK-DN-1D8721804F16F  6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 /* dnat name: podman id: db612e4d0603704b2e6a8aa76f3b69c0f49af293928a952f4a04ec65d58441d6 */
 1447  101K NETAVARK-DN-1D8721804F16F  17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 /* dnat name: podman id: db612e4d0603704b2e6a8aa76f3b69c0f49af293928a952f4a04ec65d58441d6 */
    0     0 DNAT       17   --  *      *       0.0.0.0/0            10.89.1.1            udp dpt:53 to:10.89.1.1:54

This last rule will never be looked at since all packets will already be DNAT'ed to the first container providing the DNS in the chain NETAVARK-DN-1D8721804F16F.

And DNS resolution between containers in the same network is therefore broken for all subsequent containers.
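As an added illustration (not code from the issue or from netavark), here is a small Python model of first-match traversal over the NETAVARK-HOSTPORT-DNAT chain shown above: it reproduces why the gateway-specific DNAT rule to port 54 is shadowed by the catch-all udp/53 port forward, and shows that a more-specific-first ordering would route the gateway query as intended. The rule objects, the sample external address and the reordering are assumptions for the illustration, not necessarily what #1080 changed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    """One nat rule: protocol, --dport, destination CIDR and its terminating target."""
    proto: str            # "tcp", "udp" or "*" for any protocol
    dport: Optional[int]  # None means no --dport match
    dst: str              # destination CIDR; "0.0.0.0/0" matches everything
    target: str           # a DNAT, or a jump to a chain that DNATs everything it sees

def rule_matches(rule: Rule, proto: str, dst_ip: str, dport: int) -> bool:
    if rule.proto != "*" and rule.proto != proto:
        return False
    if rule.dport is not None and rule.dport != dport:
        return False
    return ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule.dst)

def first_match(chain: List[Rule], proto: str, dst_ip: str, dport: int) -> Optional[str]:
    """Walk the chain top to bottom; the first matching rule decides the packet's fate.

    Assumption: every target here terminates traversal. That holds for the issue's
    chain because the jumped-to NETAVARK-DN-... chain DNATs all udp/53 traffic.
    """
    for rule in chain:
        if rule_matches(rule, proto, dst_ip, dport):
            return rule.target
    return None

# Constructed from the NETAVARK-HOSTPORT-DNAT listing in the issue.
HOSTPORT_TCP = Rule("tcp", 53, "0.0.0.0/0", "NETAVARK-DN-1D8721804F16F")
HOSTPORT_UDP = Rule("udp", 53, "0.0.0.0/0", "NETAVARK-DN-1D8721804F16F")
AARDVARK_DNAT = Rule("udp", 53, "10.89.1.1/32", "DNAT to:10.89.1.1:54")

# Order as reported: the catch-all port forward shadows the gateway-specific rule.
AS_REPORTED = [HOSTPORT_TCP, HOSTPORT_UDP, AARDVARK_DNAT]
# Illustrative reordering (assumption, not necessarily #1080): most specific rule first.
SPECIFIC_FIRST = [AARDVARK_DNAT, HOSTPORT_TCP, HOSTPORT_UDP]

def resolve(chain: List[Rule]) -> dict:
    """Where a container's query to the gateway and host-bound udp/53 traffic end up."""
    return {
        "dns_to_gateway": first_match(chain, "udp", "10.89.1.1", 53),
        # 203.0.113.7 is a constructed non-gateway destination (documentation range).
        "host_udp_53": first_match(chain, "udp", "203.0.113.7", 53),
    }
```

With the reported order, `resolve(AS_REPORTED)["dns_to_gateway"]` lands in the container's port-forward chain instead of on aardvark-dns at port 54; with the specific rule first, the gateway query reaches the DNAT while other udp/53 traffic still goes to the port forward.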
