Description of feature

Specifically:

• --cap-add=VALUE
• --cap-drop=VALUE
• --privileged (boolean, default false)

We can add support for others later, but these seem pretty straightforward to implement. Basically just transform them into the security context for the pods being created. We'll want to handle the internal per-process docker args in addition to the global ones, as well as the different phases (deploy, run)