need to track OCI image source info

[mikemccracken]

I want to be able to say which mounted OCI image has corrupted layers when checking with atomfs verify (see #20) or via some other mechanism that gets notified that a device is corrupt.

The molecule should keep track of the OCI image path that it was created from, and we should be able to trace from a device name to a list of molecules and OCI images that are affected.

since the current molecule metadata is overmounted, maybe atomfs lib should maintain a separate directory with this info:

atomfsmeta/
atomfsmeta/50bd5ba895c-verity/
atomfsmeta/50bd5ba895c-verity/$ocilayoutpath/$tagname1
atomfsmeta/50bd5ba895c-verity/$ocilayoutpath2/$tagname2
etc...

seeing as how this is tied to the verity implementation, possibly this should be an implementation detail of atomfs verify and that command could just output OCI tag info. but we do need to make it available somewhere.

[mikemccracken]

note that the overmounting that hides the metadata dir is not required, it's a convenience for the atomfs binary, but other users of the atomfs package do set a different (and thus accessible) metadata dir