Add a `--netns FD` option for preexisting namespaces

[AncientRepositoryOfKnowledge]

The use case is for sandboxing a network service. I already have set up network namespaces to use, however bubblewrap doesn't seem to provide the option to use an already-existing namespace; it's either the hosts or a new one. As it stands one must use other container software (or unshare manually) to accomplish this.

[rusty-snake]

Sounds like a valid use case. Keep in mind that bwrap (a unprivileged process) can not join arbitrary namespaces. Only namespaces you can also join with nsenter --preserve-credentials -U -n can be joined by bwrap too. Means --netns will require that you use --userns too.