container: enforce nonrepeatable autoetc and autoroot

These keep track of some internal state, and they don't make sense to have multiple instances of anyway, so instead of dealing with that, just make them nonrepetable.

Signed-off-by: Ophestra <cat@gensokyo.uk>

container/ops.go

@@ -24,6 +24,11 @@ const (
 	intermediatePatternTmpfile = "tmp.*"
 )
 
+const (
+	nrAutoEtc = 1 << iota
+	nrAutoRoot
+)
+
 type (
 	Ops []Op
 
@@ -41,6 +46,7 @@ type (
 	}
 
 	setupState struct {
+		nonrepeatable uintptr
 		*Params
 	}
 )