feat: Add kubernetes device ownership

[vigh-m]

Description of changes:

• Create a new setting to hold the device-ownership-from-security-context boolean. This is to support the same setting in the containerd CRI plugin as described here

Testing done:

• The setting shows up as expected in an AMI built using this settings-sdk

  # apiclient get settings.kubernetes.device-ownership-from-security-context
  {
    "settings": {
      "kubernetes": {
        "device-ownership-from-security-context": false
      }
    }
  }
  

• Changing the setting works as defined:

  [root@admin]# apiclient set settings.kubernetes.device-ownership-from-security-context="true"
  [root@admin]# apiclient get settings.kubernetes.device-ownership-from-security-context
  {
    "settings": {
      "kubernetes": {
        "device-ownership-from-security-context": true
      }
    }
  }
  [root@admin]# sheltie cat /etc/containerd/config.toml | grep device
  device_ownership_from_security_context = true
  

• The setting has the desired effect on device ownership

  • When true:

    # kubectl exec -it single-node-test -- bash
    ubuntu@single-node-test:/$ ls -lah /dev/ | grep neuron
    crw-------. 1 ubuntu 2000 244, 0 Dec 20 00:25 neuron0
    

  • When false:

    # kubectl exec -it single-node-test -- bash
    ubuntu@single-node-test:/$ ls -lah /dev/ | grep neuron
    crw-------. 1 root root 244, 0 Dec 19 20:03 neuron0
    

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[yeazelm]

The change looks good but nit about the commit message: I'd like a basic explanation about the change more than just the title to help folks piece together what it is intended for or why it was added since this is in a different repo from where the interesting parts will land.

[vigh-m]

Ack. Updated the commit message with some more context.

[cbgbt]

Thanks!