feature: Support atomfs molecule mount in containers #359

Merged
merged 2 commits into from
Jan 5, 2023

Commits on Dec 19, 2022

  1. feat: use custom lockfile if we can't create one under /tmp

    Signed-off-by: Serge Hallyn <serge@hallyn.com>
    hallyn committed Dec 19, 2022
    37021f0

Commits on Dec 21, 2022

  1. feat: atomfs mount: use squashfuse for non-root users

    While stacker knows how to use squashfuse for 'stacker grab', that
    function simply keeps the squashfuse process running for the duration
    of the grab, then lets it close.  For atomfs molecule.Mount, we must
    release that process.
    
    So when doing atomfs.Mount(),
    
    first check whether we are definitely NOT root using amHostRoot().
    There is a corner case which can slip past this - namely if you,
    as root, create a userns wherein you map the full host uid range.
    However, you'll never have real root being told it wasn't real
    root.
    
    Second, if neither of those are the case, then try the regular
    mount syscall, requiring root.  If that succeeds, or fails with
    a non-permission error, then return.
    
    If we are detected as not-real-root, or if mount failed as real root
    with a permission error, and no verity root hash was provided, then use
    squashfuse, and release the exec'd process so that it can outlive us.
    
    The actual squashfuse mount function is shared with the
    extract path.
    
    Signed-off-by: Serge Hallyn <serge@hallyn.com>
    hallyn committed Dec 21, 2022
    6a64317
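
The mount-backend decision described in the second commit message, as an added Go sketch that is not stacker's own code. The names `isHostRoot` and `chooseBackend`, the `tryMount` callback standing in for the mount syscall, the use of `os.ErrPermission` as the "permission error", and the refusal to fall back to squashfuse when a root hash was supplied are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
	"syscall"
)

// isHostRoot: euid 0 and a uid_map that maps the full host uid range 1:1.
// Root inside a userns that maps the full host range also passes; this is
// the corner case the commit message mentions.
func isHostRoot(euid int, uidMap string) bool {
	f := strings.Fields(uidMap)
	return euid == 0 && len(f) == 3 && f[0] == "0" && f[1] == "0" && f[2] == "4294967295"
}

// chooseBackend follows the order given in the commit message.
// Assumptions: os.ErrPermission (EPERM/EACCES) counts as the permission
// error, and a supplied verity root hash forbids the FUSE fallback so that
// verification is never dropped silently.
func chooseBackend(euid int, uidMap, rootHash string, tryMount func() error) (string, error) {
	if isHostRoot(euid, uidMap) {
		err := tryMount()
		if err == nil {
			return "kernel", nil
		}
		if !errors.Is(err, os.ErrPermission) {
			return "", err // non-permission failure: report it, no fallback
		}
	}
	if rootHash != "" {
		return "", errors.New("root hash given but kernel mount unavailable")
	}
	return "squashfuse", nil
}

func main() {
	eperm := func() error { return syscall.EPERM }
	// Constructed inputs: a rootless userns map, then the full host map
	// where the mount syscall is denied, then the same with a root hash.
	fmt.Println(chooseBackend(0, "0 1000 1\n", "", eperm))
	fmt.Println(chooseBackend(0, "0 0 4294967295\n", "", eperm))
	fmt.Println(chooseBackend(0, "0 0 4294967295\n", "constructed-hash", eperm))
}
```

To check a live process, pass `os.Geteuid()` and the contents of `/proc/self/uid_map` as the first two arguments.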