test: docker: Support sharing /dev nodes using --mount docker option

In device type template, one can set:

actions:
  test:
    methods:
      docker:
        share_devices: direct

share_device option value can be:

* udev (default, in case the value is not set or empty) - previous
  behavior, rely on udev event forwarding, which requires additional
  software running on the host (e.g. lava_dispatcher_host).
* direct - pass device nodes on docker command line using --mount
  option (a more obvious --device option is not used, because it doesn't
  allow device name to contain ':', which is otherwise often the case).
  Only real device nodes are shared, symlinks (as usually created by
  udev on the host) aren't.
* direct-symlinks - like above, but symlinks are shared too. Note that
  such symlinks become real device nodes in the container, which may
  pose problems with some software. (E.g. if software blindly expects
  a particular node to be a symlink, and calls readlink() on it. This
  was seen e.g. with mbedOS tools).

Direct sharing of the devices is mostly implemented by 2 reasons:

1. When LAVA itself runs in a docker container(s), it's yet an open
question how to perform udev forwarding (lava_dispatcher_host isn't
currently a part of the official docker-compose setup for LAVA).
2. Even if forwarding works, it apparently requires udev to be running
in a container to be the receiving side of this forwarding. But that's
oftentimes not the case (udev is not included in docker images), which
would require patching such docker images specifically for LAVA, which
is not always practical.

So, choice of sharing device nodes using native docker means is
provided. This isn't fully optimal/general solution either, e.g.:
a) it apparently won't work with dynamically appearing/disappearing
device nodes; b) there're issues with symlinks, device nodes
containing ':', and capabilities/permission required to access them
(--device doesn't work with ':' in device names, so we have to use
--mount instead; but mount requires using --privileged for most
operations on the device nodes, while --device would require only
particular --cap-add option).

That said, with these new options, there's not a good inventory
to solve different usecases, with this fairly peculiar area of
operating on device nodes in docker containers, which is kind
of fringe area, lying outside the original docker usecases, and
which still requires further evolution upstream or robust external
tools (like lava_dispatcher_host, which itself doesn't cover all
the usecases yet).

Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
19 jobs for docker-shell-device-mount-direct in 17 minutes and 35 seconds (queued for 4 seconds)
latest
Status Job ID Name Coverage
  Test
passed #133454
amd64
dispatcher-debian-10

00:02:26

passed #133456
amd64
dispatcher-debian-11

00:02:26

passed #133455
amd64
server-debian-10

00:02:57

passed #133457
amd64
server-debian-11

00:05:02

 
  Analyze
passed #133458
amd64-dind
bandit-sast

00:00:59

passed #133461
amd64
black

00:00:50

passed #133462
amd64
code_quality

00:00:26

passed #133467
amd64
codespell

00:00:21

passed #133463
amd64
coverage

00:07:00

61.05%
passed #133464
amd64
dockerfiles

00:00:19

passed #133459
amd64-dind
eslint-sast

00:00:25

passed #133466
amd64
pylint

00:03:20

passed #133465
amd64
schemas

00:00:34

passed #133460
amd64-dind
semgrep-sast

00:01:11

 
  Build
passed #133469
amd64
debian/10

00:01:45

passed #133468
amd64
doc

00:00:37

passed #133919
amd64-dind
docker-amd64-dispatcher

00:01:50

passed #133471
amd64-dind
docker-amd64-server

00:03:35

failed #133470
amd64-dind
docker-amd64-dispatcher

00:01:57