Fix race condition causing containers to fail to start. Fixes #6.

Mitar requested to merge github/fork/SharkWipf/master into master

Created by: SharkWipf

This change fixes host firewall race conditions causing containers to sometimes fail to start. In order to avoid concurrent modification, iptables tracks locks in the file /run/xtables.lock. In order for iptables inside a VM to respect the locking, it will need access to this file as well (https://github.com/moby/moby/issues/12547#issuecomment-306143160).

The downside of this implementation, as explained in the comment linked above, is that, in some configurations, the lockfile may not exist when the container is started, and Docker will create it as a directory. Sadly there's no reliable/non-hacky way to avoid this within the scope of this project that I know of, as any method to create this file would require root access, and the container user on the host is not likely to be root.
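A host-side pre-flight check for the failure mode described above, added here as an example and not part of this merge request or its project. The function name, the default lock path and the use of `docker run --volume` for the bind mount are assumptions about how the lock file gets shared with the container.

```shell
# xtables_lock_mount_arg [PATH]
# Prints the bind-mount argument for the host xtables lock file when it exists
# as a regular file. Prints nothing and returns non-zero when the file is
# missing (mounting it would let Docker create a directory in its place) or
# when an earlier start has already turned it into a directory.
xtables_lock_mount_arg() {
  lock="${1:-/run/xtables.lock}"   # assumed default, matches iptables' lock path
  if [ -d "$lock" ]; then
    echo "error: $lock is a directory; it was created by a container start" >&2
    echo "       before iptables ever ran. Remove it as root and retry." >&2
    return 2
  fi
  if [ ! -f "$lock" ]; then
    echo "error: $lock is missing on the host; run any iptables command as" >&2
    echo "       root once so it is created as a file, then retry." >&2
    return 1
  fi
  # Same path inside and outside so iptables in the container honours the lock.
  printf '%s\n' "--volume=$lock:$lock"
}

# Typical use (not executed here):
#   docker run "$(xtables_lock_mount_arg)" ... image
```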