Swap out `nsenter` with Go-native code

[nicholascioli]

As described in this issue, this commit removes the need for the nsenter binary on the host for linkerd to function in CNI mode. Read-only filesystems and OSs without the nsenter binary (such as Talos OS) cannot currently run linkerd without this change.

I tried running the integration tests, but couldn't get the complete integration test to work even with no changes. That could be because I was running docker on Windows and passing the socket into WSL which then passed it into the dev container, but I don't see why that wouldn't work.

Also, if you prefer that I use the code mentioned here instead, please let me know. I'm not sure how to test this on Talos itself, but am definitely willing to try!

[kflynn]

Augh, so sorry for the lack of response here! @nicholascioli, can you fix the conflicts and DCO? I'll see if I can get a maintainer looking at this in the meantime. 🙂

[nicholascioli]

No worries! I've rebased and added the DCO, but I am not a go expert and had to run go mod tidy to add the direct dependency on CNI plugins. Let me know if you prefer something else for the go.mod / go.sum files.