Add SELinux support to systemd-nspawn

Add SELinux support to systemd-nspawn

This patch adds to new options:

-Z PROCESS_LABEL

This specifies the process label to run on processes run within the container.

-L FILE_LABEL

The file label to assign to memory file systems created within the container.

For example if you wanted to wrap an container with SELinux sandbox labels, you could execute a command line the following

chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container
systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh