Support buildbox-run as sandboxing backend

Background

!951 (merged) has added an experimental sandboxing backend for buildbox-fuse. However, the more recent buildbox-run-* sandboxing runners use a different command line interface (closer to the remote execution API) and thus the current buildbox sandboxing backend in BuildStream cannot be used with buildbox-run-*.

The plan on the BuildBox side is to move the bubblewrap sandboxing backend from buildbox-fuse to a new buildbox-run-bubblewrap and add FUSE support to buildbox-casd (using buildbox-fuse). However, this hasn't happened yet.

Task description

We should add a buildbox-run sandboxing backend (based on the code from the current buildbox backend as far as applicable) to support the new interface. When the planned changes on the BuildBox side are complete, we can migrate the buildbox-fuse tests to buildbox-run-bubblewrap and drop the old buildbox backend.

As the buildbox-run interface is relatively close to the remote execution API, it likely makes sense to share some code with the remote execution client code (Action and ActionResult handling). A common base class may be useful for this.

buildbox-run will have to talk to the buildbox-casd instance spawned by BuildStream.

A CI job should be added to test this with buildbox-run-userchroot.