
Add userns_mode support for GitLab CI services

Description

Usage of docker-in-docker as explained in the wiki is currently not possible when the Docker daemon is configured to have user namespaces. To use "dind" capabilities, one needs a privileged container. Privileged mode in Docker is incompatible with user namespaces, and they should be disabled for such containers. This is done with --userns host on the command line, or in the TOML configuration for the GitLab CI docker executor:

privileged = true
userns_mode = "host"

While the container itself seems to run, the included services do not get the user namespace disabled and are thus unable to run in privileged mode. Services are configured for a CI job in .gitlab-ci.yml as:

services:
- docker:dind

Proposal

Introduce support for userns_mode in services.

Links to related issues and merge requests / references

This comes as a follow-up of the discussion: #5034 (closed)

Edited by Steve Xuereb