[Documentation] support configuring runtime capabilities

[majormoses]

We can currently create privileged containers but it would be nice to have able to give it limited access as opposed to keys to the kingdom.

Documentation: https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities

[theist]

AFAIK cap-add and cap-drop are supported here but I'm not a maintainer, just a user who uses this to create containers with SYS_ADMIN capability.

Edit: see #117 (comment)

[majormoses]

Cool, I will write up some docs on it, I did a quick scan but must have missed that.

[espoelstra]

This is another great blog post on how to potentially build the containers for dokken-images in a way that supports systemd without requiring privileged. https://developers.redhat.com/blog/2016/09/13/running-systemd-in-a-non-privileged-container/