Update to latest containerd, runc, docker

[cbgbt]

Issue number: #1971

Description of changes: This moves Bottlerocket to the latest versions of containerd, runc, and docker.

Testing done:
Our own changes are pretty small here, but testing for feature compatibility, performance, and regressions is critical. All testing has been done with a local build of the latest changes to the bottlerocket-sdk.

• Basic testing of aws-ecs-1 variant
• Basic testing of aws-k8s-1.21 variant
• Sonobuoy conformance testing on several variants
• Test containerd Pod pull improvements from this containerd improvement.
• Test containerd-related settings for compatbility. In particular, Inline registry mirror configuration is deprecated in containerd #1963
• Test rlimit patch rebase

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

[bcressey]

LGTM pending testing. I'll also pull these commits into my own development branch to give them more exercise.

We should confirm that ulimit -n in a pod returns 65k. It'd also be good to keep an eye on the runc 1.1.3 milestone to see if any regressions appear. The dbus fix there might be worth pulling in.

[cbgbt]

LGTM pending testing. I'll also pull these commits into my own development branch to give them more exercise.

Thanks!

We should confirm that ulimit -n in a pod returns 65k.

I've confirmed that the ulimit is appropriately set inside a kubernetes Pod running in this build of containerd!

It'd also be good to keep an eye on the runc 1.1.3 milestone to see if any regressions appear. The dbus fix there might be worth pulling in.

Good tip. A lot of the existing testing for this build is in-flight, I'll complete it and then look into re-running some subset of testing with a patch for that runc issue in place.

[cbgbt]

I've moved testing performance impact of this change to #2171, which is also added to the 1.8.0 milestone and is meant to include changes from #2166.

I'm merging in and testing the runc/dbus fix, then this should be ready for review.

[cbgbt]

It turns out that opencontainers/runc#3476 doesn't totally resolve the issue with dbus.

Our Kubernetes build relies on a vendored version of runc for libct, so we need to also modify that packaging in order to include the fix. This issue is tracked upstream in Kubernetes in kubernetes/kubernetes#100328

I've opened #2172 to track the issue.