provide linux runners for gitlab CI

#40095 is about creating a hackish setup for Windows/Mac runners. let's create runners for normal linux containers without all that hackery, inside a normal VM inside the ganeti cluster. we do have access to the f-droid runners, but those are a little overwhelmed right now and we have spare cycles, so let's just do this.

launch checklist:

• setup VM
• install gitlab-runner through puppet
• register with gitlab
• run jobs on it, confirm it works
• document install
• document monitoring
• setup cleanup for old jobs (e.g. with this)
• merge the profile::gitlab_runner code with the existing roles::ci stuff, which I had forgotten about
• document the CI design in wiki
• document how to enable/disable runners (basically https://gitlab.torproject.org/admin/runners)
• document runner tags
• audit the helper image stuff, make sure it's somewhat sane in the debian package