turn CONFIG_SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT on

Eric Paris eparis at redhat.com
Thu Mar 29 19:28:46 UTC 2007


So after a little discussion with the SELinux folks it looks like we
want to turn this option on in FC7 as well.  This should not be changed
for old fedora releases.  This option will enable secmark by default
instead of the legacy network hooks for selinux.  It should reduce the
selinux overhead on network traffic drastically.  Few if any people
actually use the old network checks, but if someone is using them they
are still available (through a /selinux tunable called 'compat_net').

I believe the necessary bits to make use of secmark exist in the
iptables packages shipped in rawhide.  RHEL 5 shipped with this enabled
and since most people don't use it anyway (even people who leave selinux
on) all this will do is drop their overhead.

-Eric
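The post mentions two things an administrator would want to check on an affected box: which mode the kernel is in (the 'compat_net' tunable) and whether the iptables side is ready to label packets for SECMARK. The script below is an added example, not part of Eric's post or of the Fedora kernel package; it assumes selinuxfs is mounted at /selinux (FC7-era) or /sys/fs/selinux, and the packet type name in the rule fragment is illustrative and should be replaced with the one your policy defines.

```shell
#!/bin/sh
# Added example (not from the original post). Reports whether the running
# kernel uses the legacy SELinux network checks (compat_net=1) or SECMARK
# (compat_net=0), and emits the mangle-table rules SECMARK relies on so they
# can be reviewed before loading with iptables-restore.

# Print "compat_net", "secmark" or "unknown" for the given selinuxfs node.
# A path argument is accepted so the logic can be exercised against a
# constructed file; with no argument the usual mount points are probed.
selinux_net_mode() {
    node="${1:-}"
    if [ -z "$node" ]; then
        for cand in /selinux/compat_net /sys/fs/selinux/compat_net; do
            if [ -r "$cand" ]; then node="$cand"; break; fi
        done
    fi
    if [ -z "$node" ] || [ ! -r "$node" ]; then
        echo unknown
        return 1
    fi
    case "$(tr -d '[:space:]' < "$node")" in
        1) echo compat_net ;;     # legacy per-socket hooks still active
        0) echo secmark ;;        # packet labels come from iptables SECMARK
        *) echo unknown; return 1 ;;
    esac
}

# Emit an iptables-restore fragment that labels new connections to the given
# TCP port (default 80) and carries the label across the connection with
# CONNSECMARK. Under SECMARK this is where the per-packet type is assigned;
# without such rules packets stay unlabeled and policy cannot distinguish them.
secmark_rules() {
    port="${1:-80}"
    ctx="system_u:object_r:httpd_packet_t:s0"   # illustrative packet type
    cat <<EOF
*mangle
-A INPUT -m state --state ESTABLISHED,RELATED -j CONNSECMARK --restore
-A INPUT -p tcp --dport ${port} -m state --state NEW -j SECMARK --selctx ${ctx}
-A INPUT -p tcp --dport ${port} -m state --state NEW -j CONNSECMARK --save
-A OUTPUT -m state --state ESTABLISHED,RELATED -j CONNSECMARK --restore
COMMIT
EOF
}
```

Run `selinux_net_mode` with no argument on the target host to see which mode it is in; `secmark_rules 80 | iptables-restore -n` loads the fragment without flushing existing tables.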