Add support to containerRunOptions for --cap-drop

[ddl-ebrown]

For security reasons, it's often desirable to drop all linux capabilities when running containers in Kubernetes. However, there is currently only a way to add capabilities for tests and no way to drop them.

As seen in, https://github.com/GoogleContainerTools/container-structure-test/pull/327, support was only added for --cap-add

--cap-drop can similarly remove default capabilities - see https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities