Improvements for safe-docker

[hannesbraun]

This adds a few improvements for executing checks using safe-docker:

• ulimit options also work when using Docker.
• safe-docker can now be used to run checkers even if Praktomat itself is already running inside a Docker container.
• You can specify the path to the safe-docker script through the settings in case it's not available in your PATH (see SAFE_DOCKER_PATH).
• The name of the image to use can now be specified (see DOCKER_IMAGE_NAME). This was previously disabled in the safe-docker script for security reasons. But as far as I know, submissions shouldn't be able to change this parameter. I think the flexibility is worth it when running multiple Praktomat instances on one machine or Docker host.
• Optionally, you can write to the container's filesystem using DOCKER_CONTAINER_WRITABLE. This is useful, for example, when the container contains some Gradle projects that contain unit tests. If you check the student's submissions against such tests, Gradle attempts to write to the project directory.
• Optionally, you can also prevent modifying the UID and GID for the user executing checks in the Docker container using DOCKER_UID_MOD.

I added the safe-docker script to this repository as the original script is not maintained anymore (see nomeata/safe-docker#3). Therefore, it's probably better if we maintain our own version of this script.

By the way, this is pretty much my first time working with Perl. If you spot any kind of weird code in the safe-docker script, feel free to let me know ;)

The tests don't pass because I didn't merge #348 into this branch.

[hannesbraun]

I added a setting called DOCKER_CONTAINER_EXTERNAL_DIR that allows to mount a directory into the checker container (at /external). This is a convenient solution for accessing data (e.g. unit tests, ...) residing on the host without the need of copying the files into the image.

See 8db8301

[hannesbraun]

With e19b211, I also added a setting to allow accessing the network inside of a checker container. When using a tool like Stack (Haskell) for running a student's submission, such a setting may be required.

[ifrh]

please add "removing the following lines" from README.md to the change set of this PR:

• The maximum size of a file produced by a user submission (setting
  TEST_MAXFILESIZE, currently not supported with USESAFEDOCKER, until
  http://stackoverflow.com/questions/25789425 is resolved)

[hannesbraun]

please add "removing the following lines" from README.md to the change set of this PR:

• The maximum size of a file produced by a user submission (setting
  TEST_MAXFILESIZE, currently not supported with USESAFEDOCKER, until
  http://stackoverflow.com/questions/25789425 is resolved)

Done with 9dcfa7f

[ifrh]

please add "removing the following lines" from README.md to the change set of this PR:

Done with 9dcfa7f

this PR fixes #358