[$] Container IDs for the audit subsystem

Linux containers are something of an amorphous beast, at least withrespect to the kernel. There are lots of facilities that the kernelprovides (namespaces, control groups, seccomp, and so on) that can becomposed by user-space tools into containers of various shapes andcolors; the kernel is blissfully unaware of how user space views thatcomposition. But there is interest in having the kernel be more aware ofcontainers and for it to be able to distinguish what user space considersto be a single container. One particular use case for the kernel managingcontainer identifiers is the auditsubsystem, which needs unforgeable IDs for containers that can beassociated with audit trails.