hknutzen/Netspoc

IP is erroneously reused in other rule

hknutzen opened this issue · 0 comments

Netspoc combines similar rules by using object-groups.
Inside object-groups, adjacent IP networks are combined into larger IP networks.

The current implementation has an error.
When combining networks of one group, this may affect some similar but unrelated other group, such that the combined network erroneously occurs inside the unrelated group.

Test case:

network:n1 = { ip = 10.1.1.0/24; }
network:n2 = { ip = 10.1.2.0/24; }
network:n3 = { ip = 10.1.3.0/24; }

router:u = {
 interface:n1;
 interface:n2;
 interface:n3 = { ip = 10.1.3.1; }
}

router:r1 = {
 managed;
 model = ASA;
 interface:n3 = { ip = 10.1.3.2; hardware = n3; }
 interface:n4 = { ip = 10.1.4.1; hardware = n4; }
}

network:n4 = {
 ip = 10.1.4.0/24;
 host:h1 = { ip = 10.1.4.10; }
 host:h2 = { ip = 10.1.4.12; }
}

group:g1 = network:n1, network:n2;

service:s1 = {
 user = group:g1, network:n3;
 permit src = user; dst = host:h1; prt = tcp 80;
}
service:s2 = {
 user = group:g1;
 permit src = user; dst = host:h2; prt = tcp 80;
}

Result:

object-group network g0
 network-object 10.1.1.0 255.255.255.0
 network-object 10.1.2.0 255.255.254.0
object-group network g1
 network-object host 10.1.4.10
 network-object host 10.1.4.12
access-list n3_in extended permit tcp object-group g0 object-group g1 eq 80
access-list n3_in extended deny ip any any
access-group n3_in in interface n3

The generated access-list permits 10.1.3.0/24 for both destinations, although this must only be permitted for 10.1.4.10.
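The following is an added illustration of the aliasing failure described in this issue, not Netspoc's own code: a hypothetical model in which rules that reference the same group share the same Network objects, and an in-place merge of adjacent networks rewrites a shared object so the supernet leaks into the unrelated rule. The Network and Rule types, the `combine_adjacent` function with its `mutate` flag, and the `render` format are assumptions made for this example; the addresses and rules are the test case from the issue.

```python
"""Hypothetical model of the object-group aliasing bug (illustration only,
not Netspoc's implementation).  Networks are assumed not to overlap."""
import ipaddress
from dataclasses import dataclass


@dataclass(eq=False)          # eq=False: identity matters, objects are shared
class Network:
    name: str
    ip: ipaddress.IPv4Network


@dataclass
class Rule:
    src: list                 # Network objects, possibly shared with other rules
    dst: ipaddress.IPv4Address
    prt: str = "tcp 80"


def _is_lower_half(a, b):
    """True if a and b are the two halves of the same supernet (a below b)."""
    return (a.prefixlen == b.prefixlen and a.prefixlen > 0
            and a < b and a.supernet() == b.supernet())


def combine_adjacent(nets, mutate):
    """Merge adjacent networks, e.g. 10.1.2.0/24 + 10.1.3.0/24 -> 10.1.2.0/23.

    mutate=True reproduces the bug: the merged prefix is written back into
    the existing Network object, which another rule may still reference.
    mutate=False builds a fresh Network object and leaves the inputs alone."""
    out = []
    for n in sorted(nets, key=lambda x: (x.ip.network_address, x.ip.prefixlen)):
        out.append(n)
        while len(out) >= 2 and _is_lower_half(out[-2].ip, out[-1].ip):
            hi = out.pop()
            lo = out.pop()
            merged = lo.ip.supernet()
            if mutate:
                lo.ip = merged                      # BUG: lo is shared
                out.append(lo)
            else:
                out.append(Network(f"{lo.name}+{hi.name}", merged))
    return out


def expand(elements):
    """Flatten group references (plain lists) into one list of Network
    objects; the objects are deliberately not copied, as a group's members
    are the same objects wherever the group is used."""
    out = []
    for e in elements:
        out.extend(e if isinstance(e, list) else [e])
    return out


def build(mutate):
    """Constructed input: the networks, group and services of the issue."""
    n1 = Network("n1", ipaddress.ip_network("10.1.1.0/24"))
    n2 = Network("n2", ipaddress.ip_network("10.1.2.0/24"))
    n3 = Network("n3", ipaddress.ip_network("10.1.3.0/24"))
    g1 = [n1, n2]                                    # group:g1
    s1 = Rule(expand([g1, n3]), ipaddress.ip_address("10.1.4.10"))
    s2 = Rule(expand([g1]), ipaddress.ip_address("10.1.4.12"))
    for r in (s1, s2):
        r.src = combine_adjacent(r.src, mutate)
    return [s1, s2]


def permits(rules, src, dst):
    """Does any rule allow traffic from address src to address dst?"""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(dst == r.dst and any(src in n.ip for n in r.src) for r in rules)


def render(rules):
    """ASA-style summary: rules with the same source set and protocol share
    one line and one destination group, as in the issue's output."""
    merged = {}
    for r in rules:
        key = (frozenset(n.ip for n in r.src), r.prt)
        merged.setdefault(key, []).append(r.dst)
    lines = []
    for (srcs, prt), dsts in merged.items():
        s = " ".join(str(n) for n in sorted(srcs))
        d = " ".join(str(a) for a in sorted(dsts))
        lines.append(f"permit {prt} src {{{s}}} dst {{{d}}}")
    return lines


if __name__ == "__main__":
    for label, mutate in (("buggy", True), ("fixed", False)):
        rules = build(mutate)
        print(label, render(rules),
              "10.1.3.0/24 -> h2 permitted:", permits(rules, "10.1.3.5", "10.1.4.12"))
```

With `mutate=True` both services end up with the source set {10.1.1.0/24, 10.1.2.0/23} and collapse into a single line with both hosts as destination, which is exactly the generated access-list above; with `mutate=False` service s2 keeps 10.1.2.0/24 and the two rules stay separate.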