buildroot: unshare the network

Run the container in a new network namespace, to isolate the host's
network from that of the container. Stages, assemblers and the tools
they execute are not supposed to assume network access is available
and this isolation will make sure of that.

osbuild/buildroot.py

@@ -188,6 +188,7 @@ class BuildRoot(contextlib.AbstractContextManager):
             "--setenv", "PYTHONPATH", "/run/osbuild/lib",
             "--unshare-ipc",
             "--unshare-pid",
+            "--unshare-net"
         ]
 
         cmd += mounts