kas-docker: Podman: Update podman flags to make non-isar builds work

The following flags were added:
  --userns=keep-id:
    By default podman maps the user that is executing the podman run
    command into the container as root user. That is not what the kas
    entrypoint inside the container expects. Using keep-id tells podman
    to use the expected 1:1 mapping. The entrypoint is able to create
    the build user as expected.

  --security-opt label=disable:
    This is for SELinux enabled systems only. When running on SELinux
    enabled systems the volumes assigned to the container would not be
    accessible at all. The alternative to disable the labeling would
    be passing the "z" or "Z" flag to all volumes (-v) which may be
    even more dangerous.

Signed-off-by: Florian Bezdeka <florian@bezdeka.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
This commit is contained in:
Florian Bezdeka 2020-07-14 18:20:31 +02:00 committed by Jan Kiszka
parent 4cfbf43f07
commit 1688d60177


@ -93,6 +93,7 @@ docker)
podman)
DOCKER_COMMAND="podman"
DOCKER_IMAGE="docker://${DOCKER_IMAGE}"
ENGINE_ARGS="--userns=keep-id --security-opt label=disable"
;;
*)
echo "$0: unknown docker engine '${KAS_DOCKER_ENGINE}'" >&2
@ -136,7 +137,7 @@ while [ $# -gt 0 ]; do
;;
--docker-args)
[ $# -gt 0 ] || usage
USER_ARGS=$2
ENGINE_ARGS="${ENGINE_ARGS} $2"
shift 2
;;
--ssh-dir)
@ -317,6 +318,6 @@ if [ -z "${NO_PROXY_FROM_ENV+x}" ]; then
done
fi
trace ${DOCKER_COMMAND} run "$@" ${ISAR_ARGS} ${WITH_LOOP_DEV} ${USER_ARGS} \
trace ${DOCKER_COMMAND} run "$@" ${ISAR_ARGS} ${WITH_LOOP_DEV} ${ENGINE_ARGS} \
${DOCKER_IMAGE} ${CMD} ${KAS_OPTIONS} ${KAS_FILES} \
${KAS_EXTRA_BITBAKE_ARGS}
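Review bot: `--security-opt label=disable` on the new `ENGINE_ARGS` line of the first hunk is applied to every podman run, so on an SELinux-enforcing host the container is silently exempted from the host's labeling for everything it mounts, and because `--docker-args` are appended after it in the second hunk there appears to be no way for a caller to opt back into labeling; the `case` arm's statement starts outside the hunk. Since the flag only matters when SELinux actually enforces, keeping `--userns=keep-id` unconditional and adding `label=disable` only when `getenforce` reports Enforcing, with a one-line notice on stderr, confines the relaxation to where it is needed and makes it visible in build logs (the description's rationale could then move into a comment on that branch). Separately, the second hunk's new line reads `$2` behind the guard `[ $# -gt 0 ] || usage`, which still passes when `--docker-args` is the last argument and then runs `shift 2` on a single remaining parameter; `[ $# -gt 1 ] || usage` is the check that matches the read.
```shell
podman)
	DOCKER_COMMAND="podman"
	DOCKER_IMAGE="docker://${DOCKER_IMAGE}"
	ENGINE_ARGS="--userns=keep-id"
	# SELinux-enforcing hosts only: bind-mounted volumes would otherwise be
	# unreadable inside the container; relabeling them with z/Z is riskier.
	if command -v getenforce >/dev/null 2>&1 && [ "$(getenforce 2>/dev/null)" = "Enforcing" ]; then
		echo "$0: SELinux is enforcing, running podman with --security-opt label=disable" >&2
		ENGINE_ARGS="${ENGINE_ARGS} --security-opt label=disable"
	fi
	;;
```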