Make networking optional in the executor API

When instantiating an executor, the consumer should be able to say whether or not they want working network. This could be used to explicitly deny network access.

For unshare, we can either put a process in a network namespace to deny it any network access, or not. For containers and VMs, we can connect them to (multiple?) bridges and/or control firewall policy.

The complexity here is that some archive access is probably needed to install packages before doing work in the instance. So, this may need to be dynamically set during the life of the instance.

I suggest we backlog this issue for now, as it's not critical and non-trivial.

Later discussion has swung towards:

1. Using the native mechanism in sbuild to disable network in the unshare executor. (with a suite allow list to permit d-i builds)
2. Requesting upstream that autopkgtest implement something similar (which would involve a virtualization API change).
3. Revisiting this project later, when we need more features.