Consolidate sandbox images and inject analyze script at runtime

[calebbrown]

Packages downloaded from package repositories often depend on other ecosystems to function correctly (e.g. an NPM package uses PyPI).

So rather than having a separate sandbox image for each ecosystem we could instead have a single common image and just mount the analyze script into the image.

This enables some interesting other capabilities:

• make the sandbox harder to evade by detecting the analyze script
• allows different versions of linux, node, python, etc to be tested
• makes the infrastructure more flexible for broader use-cases

[calebbrown]

This needs some more thought.

One challenge is handling packages that depend on a specific version of Node, PHP, Python, etc.

Perhaps more decoupling between the sandboxes + dynamic analysis and the package repositories + analysis scripts makes sense though.