add custom CMD (new style entrypoint/cmd) to metatron validation

[fabiokung]

Description of the Change

entrypoint and command are now verified as arrays by metatron. Backwards and forwards compatibility is being done by the metatron service itself.

[codecov]

Codecov Report

Merging #160 into master will decrease coverage by 0.03%.
The diff coverage is 0%.

@@            Coverage Diff             @@
##           master     #160      +/-   ##
==========================================
- Coverage    33.3%   33.26%   -0.04%     
==========================================
  Files          62       62              
  Lines        7491     7500       +9     
==========================================
  Hits         2495     2495              
- Misses       4695     4704       +9     
  Partials      301      301

Impacted Files	Coverage Δ
executor/metatron/metatron.go	0% <0%> (ø)	⬆️
executor/runtime/docker/docker.go	50.83% <0%> (ø)	⬆️
executor/runner/runner.go	60.62% <0%> (-2.16%)	⬇️

[sargun]

Are these all required fields? If not, can you do c.TitusInfo.GetMetatronCreds().GetAppMetadata(), so it wont nil pointer dereference?

[fabiokung]

that's a good idea, the old code wasn't checking it (there is a nil check in the code that calls this) so this should be safe as-is. But our future selves will probably appreciate it is a bit safer.

[andrew-leung]

I notice we removed the call to this function back in May (885ba4b#diff-957e82dddf339c98741109a28268e372). Does that mean we are leaving these creds laying around the host? I realize this is unrelated to this specific PR.

[sargun]

Yeah. We are. It'd be nice to move to a model where the agent never has to write / read metatron creds from disk, and instead the metatron agent wrote a tarball to stdout.

[fabiokung]

Yes, I think you may be right.

[andrew-leung]

I agree with wanting to avoid writing those creds to disk, but in the meantime seems like we shouldn't be accumulating them on agent (especially since we just saw nfbasic restriction regress). Since it's not really part of this PR, I can file something to at least clean up the creds but to ideally find a way to just pass vs persist them.

[coveralls]

Pull Request Test Coverage Report for Build 1760

• 0 of 28 (0.0%) changed or added relevant lines in 3 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage decreased (-0.02%) to 22.831%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
executor/runtime/docker/docker.go	0	2	0.0%
executor/metatron/metatron.go	0	8	0.0%
executor/runner/runner.go	0	18	0.0%

Totals
Change from base Build 1735:	-0.02%
Covered Lines:	2163
Relevant Lines:	9474

---

💛 - Coveralls