use BPFProgram=device: to configure the devices cgroup

[giuseppe]

trafficstars

crun currently uses the systemd d-bus API to set up device cgroups. Update the runtime to use BPFProgram=device: on cgroup v2 instead to avoid multiple conversions of rules and to express all the rules without the limitations imposed by systemd. The same generator used for the cgroupfs driver can be used to generate the ebpf.