Safer, now with hostPath mounts

• The container will now mount only the pipeline's directory rather than the entire build "prefix" for buildkite-agent. This means jobs won't be able to access other pipelines' files that happen to be on the same host.

• Host paths can now be mounted into the container. This allows for convenience uses such as caching (as a practical example, we use it for mounting the cache directory for kaniko, and the cache directory for Bazel).

• Cleaning up old jobs now works as expected. Any job older than a day will be deleted.

• Mount the pipeline build directory at a secondary, fixed, path /build to simplify build scripts. This helps giving the --context flag for kaniko, for example.

• Enabled git-mirrors to allow sharing a single repo across multiple pipelines.

• Allow setting resource requests and limits in a pipeline.