Figure out a way to run WDL and CWL runners without nondefault Docker privileges

[stxue1]

We do some trickery with syscalls and whatnot to allow Singularity to run inside the container https://github.com/DataBiosphere/toil/blob/5d436d3b094dc3bec017a770c7fe04ce2f345267/src/toil/provisioners/abstractProvisioner.py#L820

This means toil-wdl-runner (and maybe toil-cwl-runner) is unable to run inside a default Docker command, ie docker exec -it toil_image toil-wdl-runner... after a default docker run toil_image.

This is resulting in some issues with the TES plugin, and might have other implications for other batchsystem plugins who want to run the Toil container via their own docker command. (Though the main issue with TES is it wants to run the container as read only)

┆Issue is synchronized with this Jira Story ┆Issue Number: TOIL-1558