Add "privileged container" mode to sandbox.c (JuliaPackaging#132)

* Add "privileged container" mode to `sandbox.c`

On some Linux kernels, mounting overlay filesystems within user
namespaces is broken, see [0] for an Ubuntu issue tracking this and
their patch to fix it. To work around this, we allow the user to enable
running the sandbox through `sudo`, which adds another path through the
already convoluted `sandbox.c`.  After a thorough reorganization of
`sandbox.c`, we now have three well-defined execution modes (init,
unprivileged and privileged) and a `sandbox` that can either mount
overlay filesystems as root within a user namespace, or can mount
overlay filesystems as root outside of a user namespace, then enter the
user namespace.

[0] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1531747

* Bump rootfs version

* Quash some small bugs

Author: staticfloat

.gitignore

@@ -2,3 +2,4 @@
 *.jl.*.cov
 *.jl.mem
 global_prefix
+.vscode/

.travis.yml

@@ -23,7 +23,8 @@ env:
   matrix:
     - BINARYBUILDER_USE_SQUASHFS=true
     - BINARYBUILDER_USE_SQUASHFS=false
-    
+    - BINARYBUILDER_RUNNER=privileged
+
 cache:
   directories:
     - deps/downloads