Revisit the unshare(CLONE_NEWNS) use

[praiskup]

See #234 and --make-rprivate discussion, even though it didn't mention the real reason why it was added (explained in #315).

We should better take care of all the mount points, because actually it doesn't seem to be useful to call unshare() on shared mounts (bacuse it has no effect; no isolation). Basically I think that we should:

• do all the "public" mounts (those which are expected to be visible from host) before calling unshare()
• the rest of mounts should be done after unshare, and we should apply --make-rprivate to the root directory the above applies to mock plugins as well.

But first, we should have proper test coverage:

• [ ] gtest that LVM/tmpfs plugin works
• [ ] test that mock works in Fedora toolbox environment (old-chroot only)
• [ ] test that bootstrap build works
• [ ] test that host's mount points (the default namespace) aren't affected at all after running --scrub

[QuLogic]

Could changing of how these mount points are handled fix https://bugzilla.redhat.com/show_bug.cgi?id=1750000 ?