62148a768b
Adding the `privileged` bool to the sandbox allows runtimes, like rkt, to make better security choices in some cases. This also enumerates what "privileged" actually means and how it interacts with other options (or more accurately, does not). The documentation closely matches docker's current behavior because, so far, that's what privileged has meant.