Add BuildBox backend for sandboxing

Jürg Billeter requested to merge buildbox into master

Description

This adds a BuildBox backend for sandboxing of local builds as a replacement for the bubblewrap and chroot backends. This will allow BuildStream to benefit from shorter staging time (using CAS-based virtual staging) and future cross-platform support in BuildBox (https://gitlab.com/BuildStream/buildbox/issues/15 and https://gitlab.com/BuildStream/buildbox/issues/16).

Longer term it will allow us to completely drop the other local sandboxing backends and also the SafeHardlinks FUSE layer, reducing maintenance cost. However, this MR does not do this yet as this requires additional work for full compatibility with plugins that don't use the virtual directory API.

Tasks (for completely optional support for developers/testing)

  • Add environment variable to enable the BuildBox sandbox backend instead of always enabling it
  • Test BuildBox backend in CI
  • Report error when BuildBox is not available
  • Report error for element plugins that don't support the virtual directory API (similar to remote execution)
  • Report error for elements requiring non-0 UID/GID
  • Report error or warning due to limited bst shell support
  • Add NEWS entry

Possible merge strategies

  • Merge BuildBox as completely optional sandbox backend for now.
  • Require BuildBox for Linux but use it only for simple builds for the time being. Fall back to bubblewrap for other cases (workspace builds, bst shell, and element plugins that don't support the virtual directory API).
  • Use BuildBox for all platforms and commands (requires completion of all tasks).

Update

After some discussion on the mailing list (https://mail.gnome.org/archives/buildstream-list/2019-May/msg00019.html), it looks like it would be best to have a staggered merge strategy.

This MR will introduce the sandbox in a limited capacity with some tests skipped, and then subsequent MRs will fix the outstanding issues and then remove the other sandboxes.

See #719 (closed). Depends on #675 (closed).

Edited by William Salmon