Enable unprivileged containers

[SphtKr]

This includes two features that make it possible to run unprivileged. 1. Setting the XID range with IDLOWER and IDUPPER (in order to fit within a container-remapped UID range of 0-65535) and 2. Setting ACLSTORAGE to userns which provides some options to the storage modules to record ACL data in a namespace where an unprivileged container can get at it. See changes in README.md for more info.

These changes are based on a significant amount of research and tinkering and may not be 100% correct but they seem to work in the home-lab environment I've tested with so far, feedback welcome.