Support arbitrary container runtimes via provisioning-time images

[t-lo]

We ship Flatcar by default with Docker / Containerd, which suits most, but not all, use cases:

• some require older / newer Docker versions than what we ship
• some do not use Docker and work with containerd directly
• some use entirely different container runtimes like CRI-O or podman

Using systemd-sysext, we would be able to support a custom container stack at provisioning time, e.g.

• picking from multiple Docker versions, or don't use Docker at all but work with containerd directly
• use a different container runtime, e.g. crun instead of runc
• use an entirely different stack, like podman

[pothos]

One thing to keep in mind is that we need to migrate our internal Docker usage (Toolbox, flannel/etcd services, BCC tool aliases) to something that is not manged by the user. We could for example have a tool in the image that allows us to download and unpack container images, and then use systemd-nspawn for that, but actually I would rather like to see Podman as part of the base image because it fits quite well for that task as it has no daemon requirement and works separate from, e.g., containerd which may be manged by the user.

[pothos]

Docs for this are already there:
https://www.flatcar.org/docs/latest/provisioning/sysext/#upstream-docker-sysext-images
https://www.flatcar.org/docs/latest/provisioning/sysext/#supplying-your-sysext-image-from-ignition

What's left is to now extend the docs section for systemd-sysupdate because it's part of Flatcar Beta already:
https://www.flatcar.org/docs/latest/provisioning/sysext/#updating-custom-sysext-images

[pothos]

Docs for sysupdate are done. The final things to do is rip out Torcx to get rid of the file entry to disable it.