Merge ~andersson123/autopkgtest-cloud:lxd-security-nesting-true into autopkgtest-cloud:master

fix: lxd-worker: add security.nesting=true to lxd config

There's a version of systemd in oracular-proposed which is purported to
break armhf tests (for oracular) once it migrates to the release pocket.

TLDR; Any systemd units with credentials on unprivileged containers will
fail on oracular tests with the new version of systemd in proposed.

This would cause systemd-tmpfiles-setup.service to be broken on the lxd
containers, which is a service which creates /var/run/utmp, which is how
runlevel is stored. runlevel is checked in lib/VirtSubProc.py [1] in the
wait_booted function. So, subsequently, wait_booted would eventually
timeout, as systemd-tmpfiles-setup.service would never store runlevel
appropriately on the testbed.

The workaround was discussed [2] between the systemd maintainer (enr0n)
and the lxd team, and the solution was to enable security.nesting for
the lxd containers running our armhf tests.

security.nesting simply allows for nested containerisation. [3]

To summarise, we would be hitting [4] because of [5].

[1] https://salsa.debian.org/ubuntu-ci-team/autopkgtest/-/blob/master/lib/VirtSubproc.py?ref_type=heads#L454
[2] https://github.com/canonical/lxd/issues/13631
[3] https://discuss.linuxcontainers.org/t/what-does-security-nesting-true/7156/4
[4] https://bugs.launchpad.net/ubuntu/+source/autopkgtest/+bug/1998943
[5] https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2046486

This is a change requested by enr0n (the systemd maintainer). The new version of systemd in oracular-proposed will break all oracular armhf tests. It's currently block-proposed, so it won't migrate, but it's waiting on us adding this change to our lxd containers to migrate.