remove uses of github.com/runc/libcontainer/cgroups

[thaJeztah]

• relates to Implement RuntimeConfig CRI call #8722

remove uses of github.com/runc/libcontainer/cgroups

runc considers libcontainer to be "unstable" (not for external use),
so we try not to use it. Commit ed47d6b (#8722)
brought back the dependency on other parts of libcontainer, but looks to
be only depending on a single utility, which in itself was borrowed from
github.com/coreos/go-systemd to not introduce CGO code in the same package.

This patch copies the version from github.com/coreos/go-systemd (adding
proper attribution, although the function is pretty trivial).

runc is in process of moving the libcontainer/user package to an external
module, which means we can remove the dependency on libcontainer entirely
in the near future. There is one more use of libcontainer in our vendor
tree; it looks like CDI is depending on one utility (devices.DeviceFromPath);

containerd/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/container-edits_unix.go

Line 38 in a943033

hostDev, err := runc.DeviceFromPath(d.HostPath, "rwm")

We should remove the dependency on that utility, and add a CI check to
prevent bringing it back.

pkg/systemd: use sync.Once for systemd detection

This brings over the enhancement from moby/moby@a506630 (moby/moby#41656).

We don't expect the systemd state to change while containerd is running,
so we can use a sync.Once for this, to prevent stat'ing each time.

[fuweid]

LGTM

[thaJeztah]

• also opened pkg/cdi: remove github.com/opencontainers/runc/libcontainer dependency cncf-tags/container-device-interface#158 to remove the remaining part

[AkihiroSuda]

The file name should be _linux.go

[thaJeztah]

Heh, I was considering that, but also knew there were some other PR's being reviewed for "no_systemd" build-tags, so thought I could reduce some churn by using build-tags inside the file, but happy to rename if it's a blocker for you ☺️