Gracefully handle plugin operations not permitted in containers

[dmnks]

Some of the rpm plugins we ship (such as -ima or -unshare) require privileges or capabilities that are not necessarily available when running inside containers, and will fail the transaction otherwise. Ideally, one wouldn't install these plugins in such environments in the first place, however they might get pulled in as dependencies of other packages and so being more graceful probably wouldn't hurt. That means, instead of erroring out completely, produce an (informative) warning instead.

There's some precedent in the -selinux plugin already (see e.g. #1103), this ticket is about extending that to the other plugins as needed.

Originally filed against Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=2292617

[pmatilai]

At least we should document known limitations in the plugin man pages.

[dmnks]

I know we agreed upon just filing a documentation ticket for this one, but then I thought, it's kinda obvious and implicit that e.g. an IMA plugin that's supposed to write extended file attributes needs permissions to do that... However, thinking about it again, maybe it's all we need, after all.