Add devices support on services

• Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA. As a benefit of being a GitLab Community Contributor, you receive complimentary access to GitLab Duo.

What does this MR do?

This MR is a continuation of !3560 (closed).

It adds support for the Docker executor to expose host devices to services. A new service_devices mapping in the runner config controls which devices are exposed to services based on the service images name.

Example: Expose /dev/kvm and /dev/dri to all images named "emulator" with any tag.

[runners.docker]
  [runners.docker.services_devices]
    "emulator:*" = ["/dev/kvm", "/dev/dri"]

I've updated this MR to the current state of main and integrated the review feedback from !3560 (closed) by @avonbertoldi including !3560 (comment 1188472177) and test-related requests (see below).

Why was this MR needed?

Services that require hardware resources have no access to the host and do not work. See !3560 (closed) for more details.

What's the best way to test this MR?

I have extended the test suite by unit tests (according to !3560 (comment 1188472187) & !3560 (comment 1188472190)) and an integration test (according to !3560 (comment 1198865781)).

What are the relevant issue numbers?

• #6208 (closed)
• #38513 (closed) – Partially relevant, as GPUs can be mounted as devices according to https://docs.docker.com/reference/cli/docker/container/run/#device. If agreed, I'll be happy to work on a follow-up MR for GPUs that adds a setting similar to gpus = [...] for services.

Close: #6208 (closed)