src/create: Handle read-only /boot

[HarryMichal]

CoreOS recently made /boot read-only[0]. This caused an issue with starting containers because /boot was mounted only with option rslave but missed the ro option. This caused a permission issue.

This scenario is very similar to the one with /usr on Fedora Silverblue. The solution for this is to check mount options of the path and check if it uses the rw option or ro and then add it to the mount options in the --volume option in 'podman create'.

Fixes: coreos/fedora-coreos-tracker#734

coreos/fedora-coreos-config@1de21ff

Situation on CoreOS

This, sadly, does not fix existing containers on CoreOS because the configuration of existing containers can not be changed. The only way to get this fix is to recreate toolboxes.

[softwarefactory-project-zuul]

Build succeeded.

• shellcheck : SUCCESS in 2m 24s
• system-test-fedora-32 : SUCCESS in 5m 51s
• system-test-fedora-33 : SUCCESS in 4m 52s
• system-test-fedora-34 : SUCCESS in 5m 30s
• system-test-fedora-rawhide : SUCCESS in 12m 14s

[HarryMichal]

In the future, we will likely take inspiration from https://github.com/cgwalters/coretoolbox and instead of cherry-picking parts of the host filesystem mount the whole /. I have a local branch where I already tried this and it seems to work without any refactoring of the code. But let's stick with the current approach until v0.1.0 is out, then we can start experimenting more :).

To explain, this change would allow us to make the code for the create command much more simple and give us more control over the mounts because they could be completely handled by the entry-point.

[softwarefactory-project-zuul]

Build succeeded.

• shellcheck : SUCCESS in 2m 06s
• system-test-fedora-32 : SUCCESS in 7m 17s
• system-test-fedora-33 : SUCCESS in 7m 15s
• system-test-fedora-34 : SUCCESS in 5m 14s
• system-test-fedora-rawhide : SUCCESS in 10m 52s

[debarshiray]

Thanks for fixing this and getting it merged! One minor observation: