1. Add the ra_product_enclave configuration to allow users to choose Production
Enclave or Development Enclave to be attested about IAS' remote attestaion.
2. Rename ra related configurations as enclave.attestation.ra in annotations.
Signed-off-by: NYilin Li <YiLin.Li@linux.alibaba.com>

1. transfer config.RaType from string type to uint32 type.
2. rename config.RaEpidQuoteType as config.RaEpidIsLinkable.
3. set config.RaEpidIsLinkable type as uint32.
Signed-off-by: NYilin Li <YiLin.Li@linux.alibaba.com>

1. Add optional remote attestation annotation fields in config.json.
2. Pass remote attestation configs to runelet.
Signed-off-by: NYilin Li <YiLin.Li@linux.alibaba.com>

Support to automatically mount the /dev/gsgx to enclave container.
Signed-off-by: NYilin Li <YiLin.Li@linux.alibaba.com>

/run is usally a symbol link to /var/run but it is not always true.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

The minor device number should not be hard-coded with 58 for
SGX enclave devices.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

Instead loading enclave runtime in container, rune should always load it at bootstrap,
in order to avoid dlopen issue.
Signed-off-by: NTianjia Zhang <tianjia.zhang@linux.alibaba.com>

If the enclave devices doesn't exist, don't add them into the default device list and cgroup whitelist.
Signed-off-by: NYilin Li <YiLin.Li@linux.alibaba.com>

inclavare-containers is a set of tools for running trusted
applications in containers with the hardware-assisted enclave
technology. Enclave, referred to as a protected execution
environment, prevents the untrusted entity from accessing the
sensitive and confidential assets in use.

Currently, inclavare-containers consists of two core components:
rune and enclave runtime.

rune is a CLI tool for spawning and running enclaves in containers
according to the OCI specification. The codebase of rune is
a fork of runc, so rune can be used as runc if enclave is not
configured or available.

Enclave runtime is the backend of rune, which is responsible
for loading and running applications inside enclaves. The
interface between rune and enclave runtime is Enclave Runtime PAL
API, which allows invoking enclave runtime through well-defined
functions. The software for confidential computing may benefit
from this interface to interact with OCI runtime.

Additionally, this commit includes additional information about the
use of inclavare-containers.
- Run sample enclave runtime skeleton with rune
- Run enclave runtime Occlum with rune

See README.md for more details.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
Signed-off-by: NXiaozhe Wang <wangxiaozhe@linux.alibaba.com>
Signed-off-by: NYilin Li <YiLin.Li@linux.alibaba.com>