Design change to accomodate User namespace requirement

[mavenugo]

As of Libnetwork 0.4 / Docker 1.8, libnetwork creates and owns the container's network namespace. The network resources are later pushed into the namespace and returned to the caller (Docker Daemon).
Since the namespace is entirely managed by libnetwork, the concept of Sandbox was an implementation detail within.
In order to support the User namespace requirement, as seen in moby/moby#15187, we end up in a fundamental change in the design, summarized as follows

1. Expose CNM's Sandbox object through APIs
2. Separate endpoint and sandbox (container) configs & lifecycle cleanly
3. Redesign the current endpoint join operation as a 2 step process
   • Allocate Network resources based on container configurations.
   • Wait on a Namespace creation call from the Daemon and apply the allocated network resources to the namespace.

We will open smaller PRs to address these changes in incremental fashion.

[estesp]

A minor comment on milestone--assuming this is necessary for the user ns work in Docker, I notice that the 0.5 milestone has an October timeframe, but to make 1.9 for user ns, we will need it much sooner. I know you are already working on it, so again, this may be a minor nit, but just wanted to verify we're talking about the same work. Thanks!

[mavenugo]

@estesp this is one of the top priority. once #365 gets merged, we will have the userns specific changes merged right after. The milestone is purely based on release and doesn't indicate the priority :)

[estesp]

great, thanks @mavenugo!

[aboch]

Closed by #365 #502