Security sandbox dependencies

[aarontp]

We should fully sandbox the dependencies and especially the binary dependencies. See https://github.com/google/turbinia/issues/429 for some related notes.

[aarontp]

Some related links: https://zwischenzugs.com/2018/05/05/sandboxing-docker-with-googles-gvisor/ https://cloud.google.com/blog/products/gcp/open-sourcing-gvisor-a-sandboxed-container-runtime

[aarontp]

All workers are run out of containers now, but since docker isn't considered a security boundary on it's own I updated the description to be more specific to that.