Add ID-mapping capabilities

[sondavidb]

Issue #, if available:

Description of changes: Working off the POC at Kern--/idmap-v2, added id-mapping capabilities to the snapshotter.

The PR additionally has a commit to add a separate ctr binary nerdctl binary (EDIT: later iterations changed this to a nerdctl binary) to the container. This is because containerd doesn't support id-mapping in ctr nerdctl in an official release yet, so we need a specific binary to pass the proper labels. This is done by adding a new Makefile target and copying it in the Dockerfile, but I'm open to different approaches here.

Testing performed: make test and make integration

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[sondavidb]

New changes address logging concerns as well (EDIT: missed some) as moved the FUSE server setup to a new function. ~I think this also made the tests pass properly, possibly because I previously didn't setup the fuse logging properly before?~ NVM, still not good, seems the FUSE servers aren't being set up properly. Might have to do with the layer bit Austin mentioned...There's also parts w/ overlay fallback which means that the layer isn't being setup properly, but the new code shouldn't even be called unless id-mapping is turned on? So I'm a bit confused...

Also added a new internal patch which will make the diff look even bigger but it's just so we can store the patch locally.

[sondavidb]

FWIW, I tested these changes on the ubuntu runners and they all seemed to pass?? Not sure what it might be indicative of.

https://github.com/sondavidb/soci-snapshotter/pull/20

[sondavidb]

Looks like I undid a ton of changes and messed things up while rebasing 😓 Manually re-added everything I think but should double check.

Will double-check multi-uid/gid mapping shenanigans tomorrow as well as using nerdctl instead of ctr but I'll have to see.

[sondavidb]

Tons of changes. Notably:

• Use nerdctl instead of ctr
• Fixed bug where multi-uid/gid wasn't actually happening
• Removed dangling test code

TODO:

• Skip id-mapping test on containerd 1.6 versions and update to containerd 1.7 in separate PR
• Add test to make sure that the second set of permissions persists in multi-id case (i.e. that default user will also be remapped)

[sondavidb]

Added a check for containerd version to skip the new tests which means we should wait for #1401 to be merged before merging this if we are happy with the changes

[sondavidb]

Added commits from #1401 preemptively just to get CI running and make sure we're all good, will rebase before merging but CI should be green now.

[sondavidb]

Ended up just using -a --no-preserve=links and it seems to work

[sondavidb]

Rebased with main

[sondavidb]

Newest changes should address most recent concerns with variable naming and also adds testing for files inside the container as well

[sondavidb]

After this is merged I think documentation on how to actually use this feature would be nice. I can take it as a followup.