podman
support recursive read only (`rro`) option for mounts
ro on Linux kernel < 5.12 doesn't apply MT_RECURSIVE, leading to submounts not respecting the read-only option.
crun/runc achieve this by calling mount_setattr(2) when passed the rro mount option. This change checks whether the runtime in use supports rro and the kernel supports mount_setattr(2) and passes rro to the runtime. It defaults to rro when supported and when ro is specified. If rro is specified and unsupported, it returns an error.
Closes #24229
Signed-off-by: Danish Prakash [email protected]
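
To see the gap the commit message describes on a running system, the following added example (not code from this commit or from podman) walks text in `/proc/self/mountinfo` format and reports submounts that are still writable beneath a read-only mount. The function name `writableUnderReadOnly` and the sample mount table are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed /proc/self/mountinfo sample: /data is ro, its submount /data/cache is rw.
const sampleMountinfo = `100 1 0:50 / / rw,relatime - overlay overlay rw
101 100 8:1 /srv/data /data ro,relatime - ext4 /dev/sda1 rw
102 101 8:2 / /data/cache rw,relatime - ext4 /dev/sdb1 rw
103 101 8:3 / /data/ref ro,relatime - ext4 /dev/sdc1 rw`

type mountEntry struct {
	parent, point string
	readOnly      bool
}

// writableUnderReadOnly (hypothetical helper) lists mount points that are
// writable although an ancestor mount is read-only.
func writableUnderReadOnly(mountinfo string) []string {
	entries := map[string]mountEntry{}
	var order []string
	for _, line := range strings.Split(mountinfo, "\n") {
		f := strings.Fields(line)
		if len(f) < 6 {
			continue // not a mountinfo record
		}
		// f[0]=mount ID, f[1]=parent ID, f[4]=mount point, f[5]=per-mount options
		ro := strings.Contains(","+f[5]+",", ",ro,")
		entries[f[0]] = mountEntry{f[1], f[4], ro}
		order = append(order, f[0])
	}
	var findings []string
	for _, id := range order {
		e := entries[id]
		// Bounded walk up the parent chain: the root may name itself as parent.
		for n, pid := 0, e.parent; !e.readOnly && n < len(entries); n++ {
			p := entries[pid] // zero entry when the parent is outside this namespace
			if p.readOnly {
				findings = append(findings, e.point)
				break
			}
			pid = p.parent
		}
	}
	return findings
}

func main() { fmt.Println(writableUnderReadOnly(sampleMountinfo)) }
```

Run against the mount table as seen from inside a container, an empty result means every submount below a read-only mount is itself read-only.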