lava/lxc-mocker: Add support to use overlay for LXC rootfs

In order to provide support of running multiple jobs at the same time in
LXC mocker use a overlay filesystem to create a unique rootfs per LXC.

This functionality can be activated using LXC_MOCKER_USE_OVERLAY env
variable by DEFAULT disabled.

The overlay filesystem will be constructed with an upperdir in
/lava-lxc-overlays/LXC_NAME and created/mounted when execute lxc-create
and destroyed/umounted in lxc-destroy. It also improves security because
host rootfs (lowerdir) will be mounted as read-only  in the LXC rootfs.

The lxc-attach will execute chroot inside mounted constructed rootfs by
LXC_NAME to isolate the command execution to the overlay.

Signed-off-by: Aníbal Limón <anibal.limon@linaro.org>
16 jobs for lxc_mocker_overlay in 16 minutes and 28 seconds (queued for 2 seconds)
latest
Status Job ID Name Coverage
  Test
passed #129366
amd64
dispatcher-debian-10

00:03:41

passed #129368
amd64
dispatcher-debian-11

00:03:40

passed #129367
amd64
server-debian-10

00:04:01

passed #129369
amd64
server-debian-11

00:06:49

 
  Analyze
passed #129370
amd64-dind
bandit-sast

00:00:57

passed #129371
amd64
black

00:00:37

passed #129372
amd64
code_quality

00:00:23

passed #129377
amd64
codespell

00:00:19

passed #129373
amd64
coverage

00:06:43

61.03%
passed #129374
amd64
dockerfiles

00:00:17

passed #129376
amd64
pylint

00:03:08

passed #129375
amd64
schemas

00:00:31

 
  Build
passed #129379
amd64
debian/10

00:01:50

passed #129378
amd64
doc

00:00:36

passed #129380
amd64-dind
docker-amd64-dispatcher

00:02:06

passed #129381
amd64-dind
docker-amd64-server

00:02:52