Fix mountpoints for nix store paths that are files

[elpdt852]

Fix #104 Fix #127

Summary

• Fix mountpoints for nix store paths that are files
• Refactor & add additional integration test coverage
• Pin containerd to ensure compatible version
• Add patch to enable loading compressed archives, i.e. loading images built from upstream pkgs.dockerTools.buildImage
• Switch to nix-store to remove experimental "nix-command" dependency

Essentially I misunderstood that bind mounts for files needs to have an empty file as mountpoint instead of an empty base directory. This is now covered by unit & integration tests.

The integration tests were also refactored with newer patterns for handling rootless tests, and coverage for push/pull/load of nix-snapshotter & dockerTools (upstream nixpkgs) images. Turns out there's a bug in containerd which is fixed by: https://github.com/containerd/containerd/pull/9864 and currently maintained as patch in this repository. I've also opened a backport to release/1.7 here: https://github.com/containerd/containerd/pull/9989

[elpdt852]

@RobbieBuxton @gbpdt This is ready for review now.