
Add support for RUN --security=insecure #124

Open
fenech opened this issue Oct 3, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

fenech commented Oct 3, 2024

Is your feature request related to a problem? Please describe.

I would like to build an image that uses RUN --security=insecure, but the build task fails when it reaches this line.

Describe the solution you'd like

I would like to be able to pass a build parameter such as ALLOW_SECURITY_INSECURE=true and for this to enable this functionality.

Describe alternatives you've considered

I have already tried updating the code and setting:

  • --allow security.insecure on the buildctl build command and
  • --allow-insecure-entitlement security.insecure on the buildkitd command,

which means that the build no longer directly fails due to the presence of RUN --security=insecure, but now I get an error like:

#18 0.273 runc run failed: unable to start container process: error during container init: error setting cgroup config for procHooks process: failed to write "b *:* rw": write /sys/fs/cgroup/devices/buildkit/hv0ycarf3dab1eaw4pxgeabv7/devices.allow: operation not permitted

So I guess that some additional changes are needed and I'm already out of my depth!

Additional context

I need this so that I can run puppeteer during a build, which requires CAP_ADMIN as mentioned here: https://pptr.dev/guides/docker/

@fenech fenech added the enhancement New feature or request label Oct 3, 2024
fenech commented Oct 4, 2024

In case it's of any interest, I notice that the path referred to in the error message is /sys/fs/cgroup/devices/buildkit/hv0ycarf3dab1eaw4pxgeabv7/devices.allow, whereas if I intercept the build task, there are no subdirectories within /sys/fs/cgroup/devices/buildkit.
