Make podman transient per CI job

Since we are using systemd, we can leverage some features to make podman's socket activation spawn a transient process, with the state and runtime data placed in a temporary runtime directory, while pulled images are in a usual volume mounted storage that is periodically pruned.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information