sgraf812 / feed-gipeda

Daemon for watching for new commits to multiple git repositories and feeding benchmark runs into gipeda
BSD 3-Clause "New" or "Revised" License

Use `chroot` and related friends for some notion of security #16

Closed sgraf812 closed 7 years ago

sgraf812 commented 8 years ago

The following scenario is really bad for security reasons:

  1. A third party gets a repository accepted to the configured feed-gipeda.yaml
  2. The third party changes its benchmarkScript to something malicious
  3. The script can trivially access the whole build slave.

Means for damage mitigation:

The question is whether this should be moved into feed-gipeda or is rather an obligation of the surrounding build slave architecture. In any case, as long as the slave node is on a separate machine isolated from the master node, tampering with the generated site should be impossible.

sgraf812 commented 7 years ago

I'm closing this for now, as I'm playing around with docker containers for benchmark slaves, which should mitigate most of the problems: https://hub.docker.com/r/sgraf812/haskell-bench-slave/
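
As an added illustration of the container approach mentioned in the thread (not code from feed-gipeda or its author): a wrapper that runs an untrusted benchmark script in a locked-down Docker container, so the script cannot reach the network, the host filesystem or extra privileges. The function name, the `/work` mount point, the resource limits, the `DOCKER` override and the presence of `sh` in the image are assumptions.

```shell
#!/bin/sh
# Added example: constructed wrapper, not part of feed-gipeda.
# Assumed: image taken from the link in the thread, /work mount point, limits.
BENCH_IMAGE="${BENCH_IMAGE:-sgraf812/haskell-bench-slave}"

# run_sandboxed REPO SCRIPT
#   REPO   absolute host path of the repository checkout
#   SCRIPT benchmark script path, relative to the checkout
# Set DOCKER=echo to print the command instead of executing it.
run_sandboxed() {
    repo=$1
    script=$2
    # The checkout path must be absolute and must not contain ':',
    # which would be parsed as a separator in the --volume argument.
    case "$repo" in
        *:*) echo "repo path must not contain ':': $repo" >&2; return 1 ;;
        /*)  ;;
        *)   echo "repo path must be absolute: $repo" >&2; return 1 ;;
    esac
    # The script must stay inside the checkout: no absolute path, no '..'.
    case "$script" in
        ''|/*|..|../*|*/..|*/../*)
            echo "refusing script path: $script" >&2; return 1 ;;
    esac
    # --network none            no exfiltration, no lateral movement
    # --read-only + tmpfs       root filesystem immutable, scratch space only
    # --cap-drop / no-new-priv  no capabilities, setuid binaries gain nothing
    # --user 65534:65534        unprivileged uid/gid inside the container
    # --pids-limit / --memory   bound fork bombs and memory exhaustion
    # checkout mounted :ro      the script cannot tamper with the repository
    "${DOCKER:-docker}" run --rm \
        --network none \
        --read-only \
        --tmpfs /tmp:rw,noexec,nosuid,size=64m \
        --cap-drop ALL \
        --security-opt no-new-privileges \
        --user 65534:65534 \
        --pids-limit 256 \
        --memory 2g \
        --volume "$repo:/work:ro" \
        --workdir /work \
        "$BENCH_IMAGE" \
        sh "./$script"
}
```

A benchmark that has to compile first needs a writable build directory; give it a dedicated `--tmpfs` rather than making the checkout or the root filesystem writable.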