Add pre-upgrade logic

[cgwalters]

A lot of discussion in coreos/fedora-coreos-tracker#1263 boiled down to how we preserve barriers in FCOS in a container-native world.

My opinion is we don't - instead, let's add a mechanism for "post-staging/pre-finalization" logic directly into ostree that supports running arbitrary logic.

What I'd propose here is that we make it clear how to spawn a systemd unit (which can in turn invoke a container image too) that starts out with its working directory as the new target filesystem root; the code can inspect both the old and new root, and it would crucially have the ability to change files in etc in the new root. The preupgrade logic could also actually run code from the new root.

We already have today a super basic bit in rpm-ostree that just runs true in the new target root, which this would obsolete. (now that ostree itself depends on bwrap, we could move that here)

The flow would look like:

• Run through all the steps for deployment staging, and mark the deployment as in state "pre-verified"
• Create /run/ostree/staged-deployment-root as a symlink to the new staged path
• Spawn one or more systemd units that use WorkingDirectory=/run/ostree/staged-deployment-root and have the ability to inspect mutate both the current and new state per above
• If preupgrade fails, the deployment moves to state failed-verify and this appears in status and it is not staged for the next boot
• If preupgrade succeeds, the deployment moves to state staged as today

(We could support this for non-staged path too, but I think that's very legacy and we can ignore it)