Rootless podman support #628

Merged
navarr merged 4 commits into wardenenv:main from tdgroot:rootless_podman_support
Nov 19, 2025

@tdgroot (Contributor) commented Mar 22, 2023

I like using Podman. It's easy to use and deploy, has proper rootless support and is also compatible with Docker and Docker Compose.

To get Warden working with Podman on my Fedora 37 machine (with SELinux disabled), I had to make a few changes:

  • Build the php-fpm/magento2 image locally (looks like it has something to do with some bad UIDs in node_modules)
    $ warden env pull
    ...
    copying system image from manifest list: writing blob: adding layer with blob 
    "sha256:30a0e4949fbc3d1e962886ce598ed231fda3429c79ba6ef20136d5c83664941e": processing tar 
    file(potentially insufficient UIDs or GIDs available in user namespace (requested 376884:5762 for 
    /usr/local/lib/node_modules/gulp/node_modules/clone-stats/LICENSE.md): Check /etc/subuid and 
    /etc/subgid if configured locally and run podman-system-migrate: lchown 
    /usr/local/lib/node_modules/gulp/node_modules/clone-stats/LICENSE.md: invalid argument): exit status 1
  • Change and build the nginx image to check the common Podman resolver IP, including setting a resolver_timeout (see "Add podman support for nginx images" #8).
  • Configure NetworkManager dnsmasq
    echo -e "[main]\ndns=dnsmasq" > /etc/NetworkManager/conf.d/00-use-dnsmasq.conf
    echo -e "no-resolv\n\nbind-interfaces\n\nserver=1.1.1.1\nserver=1.0.0.1\n\nstrict-order\n\naddress=/.test/127.0.0.1" > /etc/NetworkManager/dnsmasq.d/warden.conf
  • Allow unprivileged users to bind to port 80 and higher
    echo net.ipv4.ip_unprivileged_port_start=80 | sudo tee /etc/sysctl.d/99-warden.conf
    sudo sysctl --system
  • Set the following Warden settings, related to this PR
    echo 'WARDEN_DNSMASQ_ENABLE=0' >> ~/.warden/.env
    echo 'WARDEN_DOCKER_SOCK=${XDG_RUNTIME_DIR}/podman/podman.sock' >> ~/.warden/.env
    echo 'WARDEN_DOCKER_USERNS_MODE=keep-id' >> ~/.warden/.env
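
The pull error quoted in the comment above names a file owned by 376884:5762, which a rootless user namespace can only hold if the user's subordinate ID ranges reach that high. The following is an added example, not part of the PR or of Warden, that checks this against /etc/subuid-style files; the user name `dev` and the sample ranges are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the PR): can a rootless user namespace hold an ID
# that an image layer asks for, such as UID 376884 in the pull error above?

# Sum the subordinate ID counts for USER in an /etc/subuid-style FILE.
# Each line is "name:start:count"; a user may own several ranges.
# Assumption: entries are keyed by login name, not by numeric UID.
subid_count() {  # usage: subid_count USER FILE
  awk -F: -v u="$1" '$1 == u { n += $3 } END { print n + 0 }' "$2"
}

# Rootless Podman maps one container ID to the invoking user and the rest to
# the subordinate ranges, so N subordinate IDs give container IDs 0..N.
id_is_mappable() {  # usage: id_is_mappable ID USER FILE
  [ "$1" -le "$(subid_count "$2" "$3")" ]
}

# Check both halves of a "uid:gid" pair as printed in the error message.
check_owner() {  # usage: check_owner UID:GID USER SUBUID_FILE SUBGID_FILE
  local uid=${1%%:*} gid=${1##*:} rc=0
  id_is_mappable "$uid" "$2" "$3" || { echo "uid $uid exceeds subuid range"; rc=1; }
  id_is_mappable "$gid" "$2" "$4" || { echo "gid $gid exceeds subgid range"; rc=1; }
  return "$rc"
}

# Constructed sample: user "dev" with the common default of 65536 IDs.
sample=$(mktemp)
printf 'dev:100000:65536\n' > "$sample"
check_owner 376884:5762 dev "$sample" "$sample" || echo "pull would fail for dev"
rm -f "$sample"
```

To check a real host, call `check_owner` with `"$(id -un)"`, `/etc/subuid` and `/etc/subgid` in place of the sample values.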

@navarr navarr added the enhancement New feature or request label Mar 22, 2023
@navarr navarr added this pull request to the merge queue Nov 19, 2025
Merged via the queue into wardenenv:main with commit 9090abc Nov 19, 2025
@github-project-automation github-project-automation Bot moved this from 🆕 New to ✅ Done in Warden Nov 19, 2025