feat: support container file mode

[astromechza]

Up until now we were ignoring the container file mode bits. This PR fixes that, we now allow the file mode to be set on the file as an octal number.

The restrictions are:

1. must always be readable by the owner (> 0400)
2. if the owner does not have write permissions, we enable read only on the bind mount itself
3. otherwise any other file mode that works is accepted.
4. cannot be > 0777