layer: overlay userxattr support

[cyphar]

Moved out of #572 because it ultimately may require some of the umoci.json changes mentioned in #574 (comment) (and #584) and is not a critical bugfix for 0.5.

---

overlayfs added support for unprivileged mounting a long time ago, and the userxattr option allows unprivileged users to create whiteouts (mknod c 0 0 works for unprivileged users for a while now, but trusted.overlay.opaque doesn't) and configure other overlayfs xattrs.

However, mounting overlayfs without userxattr will result in said user.overlay.* xattrs becoming visible, which is not something we want. This needs to be configurable so that the overlayfs mount is aware that we do or don't have userxattr-compatible xattrs (probably as a broader part of #574).

• We need to find a nice way of supporting the user.overlay.* namespace.
  • For Generate*Layer we should arguably generate overlayfs regardless of which namespace is used but when extracting we should probably have a config option to specify what namespace we should use (or both). The default could be based on whether we are rootless or not.