Replace docker-in-docker with buildah

This avoids the need of using privilledged namespaces and dind as buildah/podman are able to build images unprivilledged.

One thing to note is that podman inside docker is not a supported configuration and not tested in upstream podman, but the possible fallout is still easier to deal with than dind and requiring privileged runners.