Migrate from containerd/cgroups to opencontainers/runc/libcontainer/cgroups

[dtrudg]

Type of issue
technical debt

Description of issue

At present we call into the containerd/cgroups module to use its cgroups manager code. This code is less actively developed than opencontainers/runc/libcontainer/cgroups, and lacks functionality which would ease us:

• Supporting the unified spec key for resource limit definitions.
• Supporting the systemd cgroups manager with a well-documented mapping of LinuxResources -> systemd unit annotations (https://github.com/opencontainers/runc/blob/master/docs/systemd.md)
• Supporting rootless cgroups via code leveraging systemd delegation that has well documented requirements (https://github.com/opencontainers/runc/blob/master/docs/cgroup-v2.md)

Note that though runc/libcontainer is considered to be mostly 'internal' code, and not for public consumption, the cgroups portions are the exception. These are used by kubernetes, podman, etc. and will stay public as described in opencontainers/runc#3028

I believe that converting from containerd/cgroups to opencontainers/runc/libcontainer/cgroups should be a step taken before pursuing #299 and #300. To accomplish particularly #300 with containerd/cgroups is not trivial. There is no user systemd manager related code in the module, so we would need to perform dbus comms with systemd to establish an initial user slice/scope ourselves. The libcontainer code already includes what we need: https://github.com/opencontainers/runc/blob/master/libcontainer/cgroups/systemd/user.go

Note that our cgroups spec format mirrors LinuxResources from opencontainers/runtime-spec/specs-go and there is translation code to the runc internal config format in runc, which we can use as a starting point:

https://github.com/opencontainers/runc/blob/5fb9b2a006725d468381de8d300bb9baecc726f7/update.go#L137

[tri-adam]

Seems reasonable and well thought out to me, @dtrudg. Would love to see this in 3.10.