systemd-nspawn, and probably other container runtimes, can sometimes
mount a cgroupsv1 hierarchy in a cgroup namespace. This ends up
infecting the host system, so we optionally allow that. We still will
error out if we happen to be the one running in a legacy cgroupsv1
controller hierarchy, however. We still depend on unified/cgroupsv2.
Makes clean shutdown with systemd actually work.
I've also made superqemu version a SemVer thing so that we don't need to bump it as often, only on a major or minor bump.
Using systemd's `Delegate=` option, it is possible to get it to let you manage your own cgroup subtree, therefore allowing you to set options and other fun stuff.
This commit adds support for doing so and configuring the resource limits in config.toml.
For later: The cgroup created has to be a threaded one. Iin theory, we can actually wait for the QEMU process to handshake qmp, grab the vCPU threads, and only limit those. For now, just limiting the entire QEMU process works, though and is the least complicated.
NOTE: Windows support should still work, even if you have resource limits configured. If you do, it should only warn and complain, but still function.
