TPA-RFC-58: install a podman runner

we have two places where we feel we might be able to do more with podman as a runner backend instead of docker:

gitlab#90 (closed) - building images required user namespaces (and, in general, privileged containers, see also https://gitlab.torproject.org/tpo/tpa/container-images/-/merge_requests/1)
#41295 (closed) - intermittent docker failures

Obviously, introducing a new podman runner could raise new issues, but it's something we've been meaning to do for a while and if it has the chance of fixing things, it seems worth a try.

This, obviously, would need to run bookworm to get the latest and greatest podman that works with GitLab.

Update: VM and runner deployed, limited to jobs tagged with podman, testing requested on tor-project with https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-58-podman-runner

Edited Aug 16, 2023 by anarcat

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information