Support multiple uid/gid mappings [1/2]

[henry118]

Enhance user namespace implementation to support multi-entry uid/gid mappings.

This is 1st patch (out of 2) that supports multiple entries of uid/gid configurations. This patch focuses on the "slow" path that requires chown on every file in the root FS. uidmapped mounts implementation will be covered in a separate PR.

This implementation has changes in the following area:

1. Ported the IdentityMapping implementation from idtools package in Moby.
2. Added a few container opt funcs to take multiple uid/gid mappings.
3. Allowing multiple --uidmap, --gidmap options in ctr run command.

An sample command to run a container with remapped foo user:

ctr run --uidmap 0:100000:1000 --uidmap 1000:201795:1 --uidmap 1001:10000000:64535 --gidmap 0:100000:100 --gidmap 100:1001:1 --gidmap 101:10000000:65435 --user foo <image> test bash

I hope the implementation makes sense and I'm looking forward to your feedback :)

[estesp]

/test pull-containerd-node-e2e

[estesp]

I'm adding to 2.0 milestone; @containerd/maintainers let me know if anyone thinks it should not be in 2.0

[estesp]

I think the usage string (for this and gidmap) needs to reflect that it is now a slice/list of maps; at least the first clause should end with mapping range(s); could also add at the end a new clause: ", separate multiple mappings with a comma"

[henry118]

After this change, the help message for this option becomes the following.

--uidmap container-uid:host-uid:length [ --uidmap container-uid:host-uid:length ]  Run inside a user namespace with the specified UID mapping range; specified with the format container-uid:host-uid:length

I think the additional [] will indicate the option is a slice. But I think updating the "mapping range" to "mapping ranges" was a good call out. I will make the update in the next revision.