Make Github Runner jobs run in QEMU instead of on bare metal #7

Open
ArneTR opened this issue Dec 1, 2022 · 1 comment

ArneTR commented Dec 1, 2022

  • First install QEMU and a KVM launcher on your box.
    => In the end we need to launch the QEMU VMs via command line

What we need, please check locally:

  • The credentials of the used GitHub runner must be injected into QEMU (they do not have to be hidden though, as the "user" of the run already has access to them)
  • There should always be 1 process lingering.
  • As soon as the test-run finishes the QEMU process should be shut down and a new one started
  • How do we know when we can close the QEMU? Can we send data back from the VM? -> Look at QEMU guest agent

ArneTR commented Dec 23, 2022

Our current best approach: Using QEMU volume mounts to inject a file with the credentials for the user to run the testing service.

Here is a bit of a head start to launch a QEMU instance from the command line.

This is NOT a good security solution, as it does not use libvirt to set up the instance, but it serves as a good one for testing:

sudo qemu-system-x86_64 \
   -enable-kvm \
   -smp 1 \
   -m 2048 \
   -machine q35 \
   -cpu host \
   -global ICH9-LPC.disable_s3=1 \
   -net nic,model=virtio \
   -net user,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80  \
   -drive file=/usr/share/OVMF/OVMF_CODE.secboot.fd,if=pflash,format=raw,unit=0,readonly=on \
   -drive file=/usr/share/OVMF/OVMF_VARS.ms.fd,if=pflash,format=raw,unit=1 \
   -drive "file=ubuntu-22.04.1-live-server-amd64.iso",if=none,format=raw,id=disk1 \
   -device virtio-blk-pci,drive=disk1,bootindex=1 \
   -serial mon:stdio \
   -sandbox on,elevateprivileges=deny
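
Added example, not part of the issue thread or the project's code: a POSIX shell wrapper for the lifecycle the two comments above describe (credentials passed in through a read-only share, one VM alive at a time, a fresh VM after each job). It assumes a pre-installed qcow2 guest image that mounts the 9p tag `runnercreds`, runs one job and powers itself off; the image, credentials directory, socket path and tag are hypothetical names, and it does not replace the libvirt setup the comment says is still missing.

```shell
#!/bin/sh
# Added example, not the project's code. Assumed: a pre-installed qcow2 guest
# image that mounts the 9p tag "runnercreds", runs one job and powers off.
QEMU_BIN=${QEMU_BIN:-qemu-system-x86_64}

# QEMU splits option values on commas, so a comma inside a path would be
# parsed as additional suboptions. Reject such paths (and empty ones).
safe_path() {
    case $1 in
        '' | *,*) return 1 ;;
    esac
}

# Boot one throwaway VM and block until it exits.
# usage: run_one_job IMAGE CREDS_DIR QGA_SOCKET
run_one_job() {
    safe_path "$1" && safe_path "$2" && safe_path "$3" || return 2
    # -snapshot: disk writes go to a temp file, the image stays pristine.
    # -no-reboot: a guest reboot ends the QEMU process instead of restarting.
    # -virtfs ... readonly=on: credentials directory, read-only for the guest.
    # chardev + virtserialport: channel for qemu-guest-agent inside the guest.
    "$QEMU_BIN" \
        -enable-kvm -smp 1 -m 2048 -machine q35 -cpu host \
        -nographic -no-reboot -snapshot \
        -drive "file=$1,if=virtio,format=qcow2" \
        -virtfs "local,path=$2,mount_tag=runnercreds,security_model=none,readonly=on" \
        -chardev "socket,path=$3,server=on,wait=off,id=qga0" \
        -device virtio-serial \
        -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0
}

# Keep exactly one VM alive: when a job's VM exits, start a fresh one.
# usage: run_jobs IMAGE CREDS_DIR QGA_SOCKET [MAX_JOBS]   (0 or unset = forever)
run_jobs() {
    jobs_done=0
    while [ "${4:-0}" -eq 0 ] || [ "$jobs_done" -lt "$4" ]; do
        run_one_job "$1" "$2" "$3" || return 1
        jobs_done=$((jobs_done + 1))
    done
}

# Runs only when arguments are given, e.g.:
#   sh runner-vm.sh runner.qcow2 ./creds ./qga.sock
if [ "$#" -ge 3 ]; then
    run_jobs "$@"
fi
```

Because the guest powers off when its job ends, the exit of the QEMU process is the host's signal to start the next VM; the guest agent socket is there for anything the host needs to read back before that. Put the socket in a directory only the runner user can access.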
