Fix SELinux Labels #961

Closed
Alexhuszagh opened this issue Jul 18, 2022 · 1 comment · Fixed by #962
Labels: A-podman (Area: podman container engine), bug

Comments


Alexhuszagh commented Jul 18, 2022

According to the documentation for Docker, SELinux labels should be used carefully, and since we mount much more than just the project, we're using the wrong SELinux labels:

If you use selinux you can add the z or Z options to modify the selinux label of the host file or directory being mounted into the container. This affects the file or directory on the host machine itself and can have consequences outside of the scope of Docker.

  • The z option indicates that the bind mount content is shared among multiple containers.
  • The Z option indicates that the bind mount content is private and unshared.

Use extreme caution with these options. Bind-mounting a system directory such as /home or /usr with the Z option renders your host machine inoperable and you may need to relabel the host machine files by hand.

We use the Z labels by default, which seems like it could deadlock the system or cause other issues. This seems to relate to #251, which means we might need to use the z option or some other option. This was discovered while debugging #496. This doesn't affect Windows due to file locks, but seems to deadlock on Linux. I use Fedora with SELinux by default on the enforcing setting, so I should be able to test these changes.


Alexhuszagh commented Jul 18, 2022

It seems this can be fixed using :z, although more testing will be required.

$ podman run -it --rm -v "$PWD":"$PWD" -w "$PWD" ubuntu:20.04 bash
# ls
ls: cannot open directory '.': Permission denied
$ podman run -it --rm -v "$PWD":"$PWD":Z -w "$PWD" ubuntu:20.04 bash
# ls
Cargo.lock  Cargo.toml  src  target
$ podman run -it --rm -v "$PWD":"$PWD":z -w "$PWD" ubuntu:20.04 bash
# ls
Cargo.lock  Cargo.toml  src  target

It seems after the Z or z flag is added, everything else succeeds. However, using :z works at first as well. Note I can only get this to reproduce on Podman, likely due to the lower permissions.

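An added check, not from this issue or the project's own code, for auditing what the two flags leave behind on the host: `:z` relabels the mounted path to `container_file_t:s0` (shared by every container), while `:Z` adds the container's own MCS categories (`container_file_t:s0:cA,cB`, private to that container). The POSIX sh function below classifies `ls -Z` output on those grounds and lists the paths still carrying a private label; the `ls -Z` lines it runs over are constructed sample data.

```shell
#!/bin/sh
# Constructed sample of `ls -Z` output (label, then path); not captured from the issue.
# It mimics a home directory after a shared (:z) mount of the project, private (:Z)
# mounts of two tool caches from different containers, and an untouched file.
SAMPLE_LS_Z='unconfined_u:object_r:user_home_t:s0 /home/dev/notes.txt
system_u:object_r:container_file_t:s0 /home/dev/proj/Cargo.toml
system_u:object_r:container_file_t:s0:c214,c893 /home/dev/.cargo/registry
system_u:object_r:container_file_t:s0:c214,c893 /home/dev/.xargo
system_u:object_r:container_file_t:s0:c17,c55 /home/dev/target'

# classify_label LABEL -> "private" (container_file_t with MCS categories, what :Z sets),
# "shared" (container_file_t at plain s0, what :z sets), or "untouched" (any other type).
classify_label() {
  case "$1" in
    *:container_file_t:s0:c*) echo private ;;
    *:container_file_t:s0)    echo shared ;;
    *)                        echo untouched ;;
  esac
}

# list_private_labels: read `ls -Z`-style lines on stdin and print the path of every
# entry whose label is private to one container, i.e. what a :Z mount leaves on the host.
list_private_labels() {
  while read -r label path; do
    [ -z "$label" ] && continue
    if [ "$(classify_label "$label")" = private ]; then
      printf '%s\n' "$path"
    fi
  done
}

# count_private_in_sample: number of privately labelled entries in the constructed sample.
count_private_in_sample() {
  printf '%s\n' "$SAMPLE_LS_Z" | list_private_labels | wc -l | tr -d ' '
}

# Stand-alone usage over the sample; on a real host run: ls -Z /path | list_private_labels
printf '%s\n' "$SAMPLE_LS_Z" | list_private_labels
```

Any path reported this way is only reachable by the one container whose categories match, which is why a second container (or a later run with a fresh label) fails on it the way the `Permission denied` above shows.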
@bors bors bot closed this as completed in b0e3b54 Jul 19, 2022
@Alexhuszagh Alexhuszagh added the A-podman Area: podman container engine label Nov 6, 2022