Make GID optional to allow retaining overflowgid (useful for exposing crw-rw---- devices to Rootless Containers)

[AkihiroSuda]

https://github.com/opencontainers/runtime-spec/blob/v1.0.2/config.md

In the current spec, .process.user.gid is defined as a REQUIRED attribute.

I suggest makng this attribute OPTIONAL to allow retaining overflowgid, by avoiding calling setgroups(2).
When gid is unset, additionalGids MUST be unset, too.

This is useful for exposing crw-rw---- devices to Rootless Containers:

• Can't use serial device in rootless docker with dialout group moby/moby#43019

I have issues mounting a device with rootless docker through --device /dev/ttyUSB0. The device is accessible outside the docker to users of the dialout group. But I suspect the group is not properly propagated to the docker container. The device shows up as

crw-rw---- 1 nobody nogroup 188, 0 Nov 15 15:59 /dev/ttyUSB0

within the docker. On the host it is

crw-rw---- 1 root dialout 188, 0 Nov 15 07:59 /dev/ttyUSB0

Trying to access the device leads to a Permission denied error.

[AkihiroSuda]

@cyphar @giuseppe @kolyshkin WDYT?

[giuseppe]

I agree it is useful. crun implements it with an annotation. I have already opened a similar issue: #1020