Allow containers to join the agent/init PID namespace.

[amshinde]

We have had requests from users where they would like to run debug sidecars for gathering debug/audit data for a pod. For this, it is necessary for an audit container to be in the same PID namespace as the agent/init process to be able gather audit events.

(This is somewhat analogous to the "hostpid" functionality provided by
k8s, but in this case this is applied within the guest and on a per
container basis)

[amshinde]

cc @bergwolf @egernst