Ability to use OCI images as base for benchmarking containers

[PhilippWendler]

If one wants to benchmark a tool that is readily available in an OCI container image, it would be convenient if one could simply tell BenchExec to use such an image as the base of the container, just like one does with standard container runtimes like Docker/Podman. FM-Weck already has this feature, but it relies on the container containing a trusted Python executable that is compatible with runexec. A better solution would be to have something implemented in runexec itself that does not pose any requirements on the container.

Ideas:

• Mount runexec and its dependencies a Podman container and start it there. This is similar to what FM-Weck does just for runexec. This could maybe even be in a directory that is then hidden from the actual tool by unmounting everything again, or by creating another mount namespace just for runexec.
• Let runexec start a Podman container (like FM-Weck does), but then move itself into the container (with setns).
• Use Podman to just extract/mount the image somewhere (e.g., with podman mount) and then let runexec start its container with that as its root directory, with no Podman container being started.

The last solution should be the technically cleanest one because it avoids the need for having a BenchExec container nested into a Podman container.