Run `benefice` workloads via rootless OCI engine

[rvolosatovs]

Currently, Benefice workloads are executed via Docker, which means that they're essentially executed as root (and benefice user also has privileged access to the system, since it has to be in docker group)
Naturally, we want to avoid this and using podman could be a way to do that. Unfortunately I was unable to make podman work for this use case with TEEs, on SGX I'd get "OCI permission denied" on AESMD socket and SEV execution would fail with "system miconfigured" reported by Enarx. Refs profianinc/nixpkgs#18