capabilities: be more graceful in resetting ambient

Similar to when SetAmbient() can fail, runc should be graceful about
ResetAmbient failing.

This functionality previously worked under gvisor, which doesn't
implement ambient capabilities atm. The hard error on reset broke gvisor
usage.

libcontainer/capabilities/capabilities.go

@@ -130,7 +130,7 @@ func (c *Caps) ApplyCaps() error {
 	ambs := c.caps[capability.AMBIENT]
 	err := capability.ResetAmbient()
 	if err != nil {
-		return fmt.Errorf("can't reset ambient capabilities: %w", err)
+		logrus.Warnf("can't reset ambient capabilities %s", err)
 	}
 	for _, a := range ambs {
 		err := capability.SetAmbient(true, a)