
CVE-2019-5736: runc container breakout

Posted Feb 12, 2019 23:57 UTC (Tue) by cyphar (subscriber, #110703)
In reply to: CVE-2019-5736: runc container breakout by sorokin
Parent article: CVE-2019-5736: runc container breakout

The patch actually pushed is substantially cleaner[1], but the looping is mostly because the patch was co-developed with the LXC folks and they have must_realloc and family that do the exact same thing. "reporting an error" here would be a crash, by the way (in the context of "runc init" we currently don't have a way to report errors other than through the exit code). The first few iterations of the patch just aborted each time, but mimicking LXC's must_realloc seemed nicer.

> They have asprintf() without looping in the same file.

Yup, that is a mistake -- I will fix that when I update the fix to work on pre-3.11 kernels.

[1]: https://github.com/opencontainers/runc/commit/6635b4f0c6a...

