Add ID-mapping capabilities

[sondavidb]

Issue #, if available:

Description of changes:
Working off the POC at Kern--/idmap-v2, added id-mapping capabilities to the snapshotter.

The PR additionally has a commit to add a separate ctr binary nerdctl binary (EDIT: later iterations changed this to a nerdctl binary) to the container. This is because containerd doesn't support id-mapping in ctr nerdctl in an official release yet, so we need a specific binary to pass the proper labels. This is done by adding a new Makefile target and copying it in the Dockerfile, but I'm open to different approaches here.

Testing performed:
make test and make integration

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[austinvazquez]

Thanks for including the modified ctr as a individual commit. Makes it easy to revert if containerd accepts the upstream contribution later.

Overall nice work iterating on this. I would like to see the logging cleaned up a bit. Some considerations:

1. Quite a bit of info logging occurring. Should some of these be reduced to debug or trace logs? Users running in production operate a large scale, so cost of logs increases quickly. So make each log count.
2. Prefer structured logging over formatting. Think about the tech that gets paged and has a hard time finding where in code an error originated because it has been formatted.

[sondavidb]

New changes address logging concerns as well (EDIT: missed some) as moved the FUSE server setup to a new function. I think this also made the tests pass properly, possibly because I previously didn't setup the fuse logging properly before? NVM, still not good, seems the FUSE servers aren't being set up properly. Might have to do with the layer bit Austin mentioned...There's also parts w/ overlay fallback which means that the layer isn't being setup properly, but the new code shouldn't even be called unless id-mapping is turned on? So I'm a bit confused...

Also added a new internal patch which will make the diff look even bigger but it's just so we can store the patch locally.

[sondavidb]

FWIW, I tested these changes on the ubuntu runners and they all seemed to pass?? Not sure what it might be indicative of.

sondavidb#20

[Kern--]

I'm still reviewing, but I wanted to get my comments in so far before they drift too far.

[sondavidb]

Looks like I undid a ton of changes and messed things up while rebasing 😓 Manually re-added everything I think but should double check.

Will double-check multi-uid/gid mapping shenanigans tomorrow as well as using nerdctl instead of ctr but I'll have to see.

[Shubhranshu153]

not sure about the -pR change, we need to test more to approve this
if with -a the concerns about hardlink is indeed true then we can change, otherwise i will prefer not to change this option.

[sondavidb]

Ended up just using -a --no-preserve=links and it seems to work

[sondavidb]

Rebased with main

[austinvazquez]

Thanks for tightening up the logging. It looks much better!

Change LGTM.

[sondavidb]

Newest changes should address most recent concerns with variable naming and also adds testing for files inside the container as well

[sondavidb]

After this is merged I think documentation on how to actually use this feature would be nice. I can take it as a followup.