FUSE: Mount with -odev in chroot sandbox

This is needed to permit access to the device nodes added to /dev
on Linux when FUSE is used as root.

The chroot sandbox only works with all privileges,
so there's no explicit check for being root
or having the appropriate capabilities.

A check for whether it's running as root isn't needed on Linux with bubblewrap
because /dev or its devices are mounted on top of the FUSE layer,
so device nodes are accessed directly rather than through the FUSE layer.