Add per-container networking flag to ContainerManager.create()

[DePasqualeOrg]

This PR adds a networking: Bool = true parameter to ContainerManager.create() so callers can opt out of network interface creation on a per-container basis.

Motivation

Currently, ContainerManager.create() unconditionally allocates a vmnet network interface for every container (when the manager has a network configured). Some use cases don't need network access and benefit from having it disabled to reduce attack surface.

There's no way to achieve this today without either:

• Initializing the ContainerManager without a network (which disables networking for all containers)
• Clearing config.interfaces in the configuration closure (which wastes an IP allocation from the vmnet pool since network.create(id) has already been called)

Changes

• Add networking: Bool = true to all three create() overloads on ContainerManager
• When false, self.network?.create(id) is skipped entirely. No interface is allocated, and no DNS is configured.
• releaseNetwork/delete remain safe to call regardless, since Allocator.release silently ignores unknown IDs.
• Add unit test testNetworkingFalseSkipsInterfaceCreation using the existing NilGatewayNetwork fixture
• Add integration tests testNetworkingDisabled and testNetworkingEnabled that create containers through a network-enabled ContainerManager and verify the presence/absence of eth0 via /sys/class/net/