fixes for allowing systemd-nspawn to run inside a container

[techmunk]

This is a solution for https://github.com/archzfs/archzfs-ci/issues/14 and by extension https://github.com/archzfs/archzfs/issues/521.

Few things to note:

1. The archlinux images have several NoExtract lines in the pacman.conf file, which means several potentially needed files are not extracted into the build root when using this base pacman.conf (including pacman.conf itself). We override this with a sane default from the devtools package in the CCM configuration.
2. We create a systemd-nspawn wrapper to ensure it runs with the --keep-unit flag, which stops nspawn from trying to make a new cgroup namespace to run in. The one created for the container should be sufficient.
3. This patch currently modifies start.sh of the worker to run as the buildbot user. This means the way caching was previously done will no longer work. Not sure if this would be moved into the Dockerfile, or if a different way of running the builtbod worker would be desired. This was a quick POC to get it up and running.

[minextu]

Thank you, this is amazing! It works great now, also really like that we don't have to run full systemd inside the container anymore either :rocket: