lava/lxc-mocker: Add support to use overlay for LXC rootfs
In order to provide support of running multiple jobs at the same time in LXC mocker use a overlay filesystem to create a unique rootfs per LXC.
This functionality can be activated using LXC_MOCKER_USE_OVERLAY env variable by DEFAULT disabled.
The overlay filesystem will be constructed with an upperdir in /lava-lxc-overlays/LXC_NAME and created/mounted when execute lxc-create and destroyed/umounted in lxc-destroy. It also improves security because host rootfs (lowerdir) will be mounted as read-only in the LXC rootfs.
The lxc-attach will execute chroot inside mounted constructed rootfs by LXC_NAME to isolate the command execution to the overlay.
Signed-off-by: Aníbal Limón firstname.lastname@example.org