Dropping ptrace capability (#17)

Ptrace is known for it's use in software such as proot, mostly used with purposes other than it's intended use.

Co-authored-by: nulldaemon <[email protected]>

environment/docker/container.go

@@ -252,6 +252,7 @@ func (e *Environment) Create() error {
 		CapDrop: []string{
 			"setpcap", "mknod", "audit_write", "net_raw", "dac_override",
 			"fowner", "fsetid", "net_bind_service", "sys_chroot", "setfcap",
+			"sys_ptrace",
 		},
 		NetworkMode: networkMode,
 		UsernsMode:  container.UsernsMode(cfg.Docker.UsernsMode),