daemon/setMounts(): don't let user mounts overshadow spec mounts

[kolyshkin]

There are some scenarios in which a user-supplied mount overshadows
a one from spec. For example, in case of docker run -v /tmp:/sys/fs
the spec-supplied /sys/fs/cgroup mount will not be visible from
inside the container since user-supplied mount /sys/fs will be mounted
later.

The solution in this commit is to sort mounts
so that the shallower ones (like /a/b) will come before deeper ones
(like /a/b/c). Note this changes the order of mounts but AFAIK it is
not important (except for the case that this commit fixes).

Since sorting is now done for all mounts, there is no sense to
do sort of user mounts before calling setMounts(), so remove it.

NOTE there are many ways to sort mounts, such as:

1. alphabetically (what this commit does);
2. by number of slashes (as in daemon/volumes.go)
3. by checking that later mounts are not prefixes for earlier ones,
   and swapping those if they are

I tried a few and settled on simple alphabetical sort, as
it does the job and its code is the simplest.

Fixes #37702

[codecov]

Codecov Report

❗ No coverage uploaded for pull request base (master@0c5f8d2). Click here to learn what that means.
The diff coverage is 100%.

@@            Coverage Diff            @@
##             master   #37704   +/-   ##
=========================================
  Coverage          ?   36.46%           
=========================================
  Files             ?      611           
  Lines             ?    49545           
  Branches          ?        0           
=========================================
  Hits              ?    18069           
  Misses            ?    28913           
  Partials          ?     2563

[kolyshkin]

rebased; should help CI

[kolyshkin]

power CI timed out; doesn't look like stuck, seems it's just super slow today, need to be restarted:

02:59:56.636 PASS: docker_cli_network_unix_test.go:1247: DockerNetworkSuite.TestDockerNetworkRestartWithMultipleNetworks 2.809s
03:00:11.825 PASS: docker_cli_network_unix_test.go:309: DockerNetworkSuite.TestDockerNetworkRmPredefined 0.140s
03:00:28.904 PASS: docker_cli_network_unix_test.go:1126: DockerNetworkSuite.TestDockerNetworkRunNetByID 1.431s
03:00:42.290 Build timed out (after 180 minutes). Marking the build as failed.
03:00:42.290 Build timed out (after 180 minutes). Marking the build as aborted.

experimental CI: known flaky test (#33041)

01:38:58.077 FAIL: docker_cli_swarm_test.go:1376: DockerSwarmSuite.TestSwarmClusterRotateUnlockKey

z CI: another flaky test, although the issue is closed (#34988)

01:56:29.649 FAIL: docker_api_swarm_test.go:359: DockerSwarmSuite.TestAPISwarmRaftQuorum

[kolyshkin]

All the CI failures are def unrelated

[kolyshkin]

janky and ppc CI failure is #33041

janky:

01:53:11.010 FAIL: docker_cli_swarm_test.go:1376: DockerSwarmSuite.TestSwarmClusterRotateUnlockKey

power:

02:09:16.308 FAIL: docker_cli_swarm_test.go:1376: DockerSwarmSuite.TestSwarmClusterRotateUnlockKey

[coolljt0725]

Ping @kolyshkin @thaJeztah @cpuguy83

[kolyshkin]

@coolljt0725 do you think what I propose here makes sense?

[coolljt0725]

@kolyshkin From our experience in using containers, user may overshadow some spec mouts, if he use docker run -v /tmp:/sys/fs, he may just meant to it. If some spec mounts are not supposed to be shadowed, it's better to error out if user try to overshadow it.

[thaJeztah]

Yes, I'm a bit on the fence as well; shadowing these paths sounds like a user-error (if not intended to shadow), so not sure what's best here.

[thaJeztah]

Needs a rebase

[kolyshkin]

This one is probably not required either; let's close it.