Support kata-containers workload attestation
As discussed in #4522, SPIRE cannot attest workloads inside kata-containers (microVMs): since SPIRE relies on the host kernel to attest workloads, and the containers are running on several guest kernels, it can't retrieve the associated selectors.

Feature Request
Be able to attest workloads inside kata-containers reliably.

Options considered
As the PID and ContainerID are known by kata-containers during the workload execution, we might leverage this to map ContainerID (thus microVM) and PID. One risk is PID collisions, as the PIDs are not managed by the same kernel.
That's my fast overview of the situation. If someone has thought about that question, feel free to share your insights.
Cc: @evan2645
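To make the "Options considered" mapping and its collision risk concrete, here is an added illustration (not SPIRE's or kata-containers' code): a registry keyed by (ContainerID, PID) beside a PID-only lookup that refuses to answer when the same PID exists in two microVMs. The `WorkloadKey` type, the `kata:container_id:` selector format and the sample IDs are assumptions for the example.

```go
package main

import "fmt"

// WorkloadKey identifies a workload by the kata container (microVM) it runs in
// plus its PID inside that guest; PIDs alone are not unique across guest kernels.
type WorkloadKey struct {
	ContainerID string // as reported by the kata runtime (assumed field name)
	PID         int    // PID assigned by the guest kernel
}

// Registry maps composite keys to selectors; byPID is a reverse index that exposes why a PID-only lookup is unsafe.
type Registry struct {
	byKey map[WorkloadKey][]string
	byPID map[int][]WorkloadKey
}

func NewRegistry() *Registry {
	return &Registry{byKey: map[WorkloadKey][]string{}, byPID: map[int][]WorkloadKey{}}
}

// Register records the selectors for a workload observed by the kata runtime (selector format is assumed).
func (r *Registry) Register(k WorkloadKey, selectors []string) {
	r.byKey[k] = selectors
	r.byPID[k.PID] = append(r.byPID[k.PID], k)
}

// Attest resolves selectors by (ContainerID, PID), which is unambiguous across guests.
func (r *Registry) Attest(k WorkloadKey) ([]string, error) {
	if sel, ok := r.byKey[k]; ok {
		return sel, nil
	}
	return nil, fmt.Errorf("no workload %s/%d", k.ContainerID, k.PID)
}

// AttestByPID mimics a host-style lookup keyed only by PID and refuses to answer
// when that PID exists in more than one guest (the collision risk from the issue).
func (r *Registry) AttestByPID(pid int) ([]string, error) {
	keys := r.byPID[pid]
	if len(keys) == 1 {
		return r.byKey[keys[0]], nil
	}
	return nil, fmt.Errorf("pid %d matches %d guests, refusing to attest", pid, len(keys))
}

func main() { // constructed sample: two microVMs each running a process with PID 1234
	r := NewRegistry()
	r.Register(WorkloadKey{"vm-a", 1234}, []string{"kata:container_id:vm-a"})
	r.Register(WorkloadKey{"vm-b", 1234}, []string{"kata:container_id:vm-b"})
	fmt.Println(r.AttestByPID(1234))
}
```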