build.sh: allow the builder user to run rootless podman

We do *some* podman operations inside the COSA container. If running
locally as the `builder` user podman will barf when trying to run
newuidmap if we don't change up the subuid/subgid mappings.

With this change we'll be able to test in our local rootless podman
COSA container that `cosa push-container-manifest` works.

In order to figure out this worked (at least for what limited podman
manifest commands I'm running) I first followed the issue at [1]
and realized I had success with the `quay.io/podman/stable` image
and then looked inside the image to see what the mapping was.
I then lifted the mapping from there [2] and applied it here and
it works.

Note that inside the pipeline right now (in OpenShift) we still run
as a random user but that seems to still be working OK for us for
pushing the manifest because it can't find the random UID/GID in
/etc/{subuid,subgid} so it falls back to "rootless single mapping
into the namespace".

[1] containers/podman#4056 (comment)
[2] https://github.com/containers/podman/blob/6e382d9ec2e6eb79a72537544341e496368b6c63/contrib/podmanimage/stable/Containerfile#L25-L26

(cherry picked from commit 5ffbf12)

build.sh

@@ -135,6 +135,13 @@ configure_user(){
     echo '%wheel ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/wheel-nopasswd
     # Contents of /etc/sudoers.d need not to be world writable
     chmod 600 /etc/sudoers.d/wheel-nopasswd
+
+    # Allow the builder user to run rootless podman
+    # Referenced at: https://github.com/containers/podman/issues/4056#issuecomment-1245715492
+    # Lifted from: https://github.com/containers/podman/blob/6e382d9ec2e6eb79a72537544341e496368b6c63/contrib/podmanimage/stable/Containerfile#L25-L26
+    echo -e "builder:1:999\nbuilder:1001:64535" > /etc/subuid
+    echo -e "builder:1:999\nbuilder:1001:64535" > /etc/subgid
+
 }
 
 write_archive_info() {