
Make LXC works

Open tieong opened this issue 6 months ago • 8 comments

Hey there,

First time I do a Nix-related PR, so I would appreciate pointers to do things better.

This PR allows us to create privileged and unprivileged LXC containers. The only thing we are missing here is AppArmor support, which should not be too hard to enable.

I dug a little into this and we just need to wrap the lxc package so that it can find apparmor_parser; it also hardcodes stuff such as /usr/bin/lxc-start, so we need to patch that as well, and the newuidmap/newgidmap binaries.

INFO     idmap_utils - ../src/lxc/idmap_utils.c:lxc_map_ids:165 - newuidmap binary is missing
INFO     idmap_utils - ../src/lxc/idmap_utils.c:lxc_map_ids:171 - newgidmap binary is missing
DEBUG    idmap_utils - ../src/lxc/idmap_utils.c:lxc_map_ids:186 - No newuidmap and newgidmap binary found. Trying to write directly with euid 0

Then it just needs more docs and examples on how to set this up; the rest of the pain points I had are in the commit messages.

But it's mostly about how we handle lxc includes, the lxc package and run_command sed problems.

tieong, May 31 '25 21:05
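
One way to do the wrapping described in the post, as an added example that is not code from this PR or from proxmox-nixos. It is a hypothetical nixpkgs overlay that assumes the `lxc-*` tools are installed under `$out/bin`, that NixOS's setuid wrappers for `newuidmap`/`newgidmap` live in the default `/run/wrappers/bin`, and that LXC resolves all three helpers through `PATH`; the hardcoded `/usr/bin/lxc-start` is not addressed because the page does not say which file contains it.

```nix
# Added example: hypothetical overlay, not the project's own code.
# Goal: let the lxc-* tools resolve apparmor_parser, newuidmap and newgidmap
# via PATH, so that LXC no longer logs "newuidmap binary is missing" and
# falls back to writing the ID maps directly with euid 0.
final: prev: {
  lxc = prev.lxc.overrideAttrs (old: {
    # makeWrapper provides the wrapProgram shell function used below.
    nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ final.makeWrapper ];

    postFixup = (old.postFixup or "") + ''
      # Assumption: every lxc-* tool lives in $out/bin.
      for prog in "$out"/bin/lxc-*; do
        # /run/wrappers/bin comes first so the setuid newuidmap/newgidmap
        # wrappers win over any plain, non-setuid copy found later on PATH.
        wrapProgram "$prog" \
          --prefix PATH : "/run/wrappers/bin:${final.lib.makeBinPath [ final.apparmor-parser ]}"
      done
    '';
  });
}
```

The wrapper only changes the environment of the `lxc-*` command-line tools. A service that links liblxc directly would need the same directories on its own `PATH`.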