
Add support for running bootc bootable containers

Open albertofaria opened this issue 1 year ago • 2 comments

We attempt to detect if a container image is bootable. We can't easily retrieve the image's labels, so we instead look for files under /usr/lib/bootc/install. If there are none, it isn't a bootable container. If it is a bootable container but we're not running under Podman or Docker, we fail with an error.

Once our container's entrypoint starts running, a background process on the host (outside the container) queries Podman/Docker for the image's name and ID, which the OCI runtime does not get but bootc-install needs. It then saves the container image as a docker-archive.

It then runs the original container to generate the VM image. We do this using krun so that elevated privileges aren't necessary. Our entrypoint blocks until this is done, and all subsequent logic remains the same.

We could potentially avoid the docker-archive creation step by mounting the host's container storage into the container running under krun. This isn't trivial to achieve due to SELinux label and context mismatches between the host and the krun environment, so we leave this optimization for a future date.

Closes #26.

TODO:

  • [ ] Wait for containers/libkrunfw#57 to make it into an upstream release.
  • [x] Wait for ostreedev/ostree-rs-ext#620 to make it into an upstream release.
  • [x] Wait for an upstream bootc release making use of that ostree-rs-ext release.
  • [ ] Wait for that bootc release to make it into Fedora and quay.io/fedora/fedora-bootc:40.

albertofaria · Apr 22 '24 17:04
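The detection heuristic the PR description outlines (no labels available to the OCI runtime, so look for files under /usr/lib/bootc/install, then refuse to continue when the image is bootable but the container engine is not Podman or Docker) can be illustrated with a small Rust program. This is an added example written for this page, not code from the crun-vm repository or from the PR. The `Engine` enum, the `check_bootc_support` function and the sample rootfs builder are assumptions made for the example; how crun-vm actually learns which engine it runs under is not described on this page and is simply passed in as a parameter here. The rootfs contents the example creates in a temporary directory are constructed sample input.

```rust
use std::fs;
use std::io;
use std::path::{Path, PathBuf};

/// Container engines that can be asked for the image name and ID the
/// OCI runtime never receives. Hypothetical enum for this example.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Engine {
    Podman,
    Docker,
    Unknown,
}

/// The heuristic from the PR: an image counts as a bootc bootable
/// container if any regular file exists under
/// `<rootfs>/usr/lib/bootc/install`. Subdirectories are searched too.
/// A missing or empty directory means "not bootable". Symlinks are not
/// followed, so a dangling link cannot make the check succeed.
pub fn is_bootc_image(rootfs: &Path) -> io::Result<bool> {
    let dir = rootfs.join("usr/lib/bootc/install");
    if !dir.is_dir() {
        return Ok(false);
    }
    let mut stack: Vec<PathBuf> = vec![dir];
    while let Some(d) = stack.pop() {
        for entry in fs::read_dir(&d)? {
            let entry = entry?;
            let ft = entry.file_type()?;
            if ft.is_file() {
                return Ok(true);
            } else if ft.is_dir() {
                stack.push(entry.path());
            }
        }
    }
    Ok(false)
}

/// Decide how to proceed for a given rootfs and engine (assumed API):
/// Ok(false) = not a bootable container, take the ordinary VM-image path;
/// Ok(true)  = bootable and an engine we can query, proceed with bootc-install;
/// Err(..)   = bootable but the engine cannot be queried, so fail early.
pub fn check_bootc_support(rootfs: &Path, engine: Engine) -> io::Result<bool> {
    if !is_bootc_image(rootfs)? {
        return Ok(false);
    }
    match engine {
        Engine::Podman | Engine::Docker => Ok(true),
        Engine::Unknown => Err(io::Error::new(
            io::ErrorKind::Unsupported,
            "bootc bootable containers are only supported under Podman or Docker",
        )),
    }
}

/// Build a throwaway rootfs under the system temp dir. This is constructed
/// sample input for the example; the file name and contents are made up.
pub fn make_sample_rootfs(name: &str, bootable: bool) -> io::Result<PathBuf> {
    let root = std::env::temp_dir()
        .join(format!("crun-vm-example-{}-{}", name, std::process::id()));
    let _ = fs::remove_dir_all(&root);
    fs::create_dir_all(root.join("usr/lib"))?;
    if bootable {
        fs::create_dir_all(root.join("usr/lib/bootc/install"))?;
        fs::write(
            root.join("usr/lib/bootc/install/00-example.toml"),
            "# constructed placeholder file\n",
        )?;
    }
    Ok(root)
}

fn main() -> io::Result<()> {
    for (name, bootable) in [("plain", false), ("bootc", true)] {
        let root = make_sample_rootfs(name, bootable)?;
        println!("{name}: bootc image? {}", is_bootc_image(&root)?);
        match check_bootc_support(&root, Engine::Unknown) {
            Ok(proceed) => println!("{name}: proceed with bootc-install = {proceed}"),
            Err(e) => println!("{name}: refusing to run: {e}"),
        }
        fs::remove_dir_all(&root)?;
    }
    Ok(())
}
```

The check deliberately fails closed: a bootable image under an unknown engine returns an error instead of silently taking the non-bootc path, which matches the behaviour the description asks for and avoids producing a VM image from an incomplete picture of the container.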

@rhatdan @germag WDYT?

albertofaria · Apr 22 '24 17:04

Ephemeral COPR build failed. @containers/packit-build please check.