Put images on quay.io; run in unprivileged containers; make arch explicit
With these changes, I could successfully build a CI image as part of the CI of mutter. These were the changes I made to make that possible:
I added a way to add auxiliary repositories.
In mutter and gnome-shell, we use a copr repo where we put newer versions of dependencies than are available in fedora. We also put "mock"-like packages that replace real ones. Only the fedora versions of the templates have implementations for this so far.
I split up `FDO_DISTRIBUTION_EXEC` into `FDO_DISTRIBUTION_EXEC_PRE_INSTALL` and `FDO_DISTRIBUTION_EXEC_POST_INSTALL` (replacing `AUX_REPOS`). In mutter and gnome-shell, we use a copr repo where we put newer versions of dependencies than are available in fedora. We also put "mock"-like packages that replace real ones. Only the fedora versions of the templates have implementations for this so far. The pre-install script would be used to enable this copr before installing packages.
I added a way to install build deps.
Just for convenience, this is how we do it right now, and it's a lot nicer than having to list it all manually. Only the fedora versions of the templates have implementations for this so far.
I mimicked the container image building used by buildah itself, and made `buildah from` not try to duplicate containerization, so that it could run on a more locked down CI runner. This was necessary to not get `Error during unshare(CLONE_NEWUSER): Operation not permitted` errors when running `buildah from`.
I changed the templates to point to `registry.freedesktop.org/freedesktop/ci-templates/` `quay.io/freedesktop.org/ci-templates/` for fetching `buildah` bootstrap images. This was necessary as otherwise it'd try to look for `registry.gitlab.gnome.org/freedesktop/ci-templates/` which doesn't exist.
I made the architecture explicit in every build and job.
I tested this by building things at https://gitlab.freedesktop.org/jadahl/ci-templates, then using those from gitlab.gnome.org.