executor/gitlab_runner_config: enable unprivileged gateway runner
Related to #102 (closed)... there's a possibility that some of these options (adding NET_* caps in particular) won't be needed once we figure out how to finally get the integration tests running, but adding this now will
-
make things a bit more secure since we're no longerb running everything on the gateway runner in a privileged container
-
make it easier to iteratively test/develop the CI support for integration testing valve-infra, since it won't require babysitting the gitlab-runner's toml on a running gateway (executor actively replaces/overwrites changes)