Add configuration for docker executor to add devices for services

What does this MR do?

Adds support docker executor to expose host devices to services. A new service_devices mapping in the runner config controls which devices are exposed to services based on the service images name.

Example: Expose /dev/kvm and /dev/dri to all images named "emulator" with any tag.

[runners.docker]
  [runners.docker.services_devices]
      "emulator:*" = ["/dev/kvm", "/dev/dri"]

Why was this MR needed?

Services that require hardware resources have no access to the host and do not work. Here are several use-cases.

• Hardware-acceleration with /dev/kvm for qemu commonly used in Android Emulator (and a lot more).
• Device farms with /dev/bus/usb for STF (Smartphone testing farm) can be used for integration testing mobile apps with other IoT devices; something no other commercial product offers AFIAK.
• Containers that require GPU access such as nvidia-docker images.

Are there points in the code the reviewer needs to double check?

CI Tests. There is only a test that checks the config. I am not sure what more tests could/should be added.

The more complete test I did with a runner I compiled was to run ls /dev/kvm; echo $? > /usr/share/nginx/html/index.html in the nginx container before the normal entrypoint. Then the job container would compare the output to either /dev/kvm when the device is exposed or just 2 when the device is not exposed. Nginx was just used to make the state of the device from the service visible in the job container.

Does this MR meet the acceptance criteria?

• Documentation created/updated - I also added documentation on the normal device setting because I didn't find it anywhere else in the docs.
• Added tests for this feature/bug
• In case of conflicts with master - branch was rebased

What are the relevant issue numbers?

• #6208

Closes #6208