Move MAC spoof fail-safe to tails-spoof-mac.
Having the fail-safe in tails-unblock-network means that it's only run *once*, there will be no fail-safe for devices hotplugged after that. Now we have the fail-safe for each device, right after we try to spoof them. Note that we drop `set -u` because /usr/bin/gettext.sh uses the uninitialized `ZSH_VERSION` variable.
Showing with 71 additions and 78 deletions