
wip: build image without superuser privileges

This is a WIP merge request and a proof of concept that it is possible to create the image without superuser privileges. Not requiring superuser privileges has practical benefits. When installing Debian packages, one needs to have /sys and /proc mounted. At the same time, maintainer scripts will run utilities that, through /sys and /proc being mounted, would affect the host system if they are run with superuser privileges. This can be prevented by never running anything as root. While mkimage.sh of this merge request already produces a bootable image, it still has some open TODO items:

  • xwayland is not yet cross-compiled and installed as part of mkimage.sh. This will also need a Protected:yes meta-package that makes sure that "apt upgrade" never upgrades away from our patched packages.
  • only the rescue system is built for now -- this is a proof of concept after all ;)
  • the output is not yet bit-by-bit reproducible. To make it so requires the introduction of a first-boot script which generates stuff like /var/lib/dbus/machine-id which should be different on every machine.

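The reproducibility item above describes a first-boot script that regenerates per-machine identifiers such as /var/lib/dbus/machine-id. The sketch below is an added example, not code from this merge request or from mkimage.sh: it strips those identifiers from an image tree at build time so that two builds digest identically, installs a hook that regenerates them on the target, and refuses to run as root in line with the "never run anything as root" rule. All paths, function names and the sample tree are this example's own assumptions, and the sample tree is a constructed stand-in rather than a real Debian installation.

```shell
#!/bin/sh
# Added example, not part of the merge request or of mkimage.sh.
# Assumptions: /etc/machine-id and /var/lib/dbus/machine-id are the only
# per-machine files, and the first-boot hook lives in /usr/local/sbin.
set -eu

# The build must never run as root: with /proc and /sys mounted, maintainer
# scripts would otherwise reach the host. An optional uid argument makes the
# check testable without changing the caller's identity.
require_unprivileged() {
    uid=${1:-$(id -u)}
    if [ "$uid" -eq 0 ]; then
        echo "refusing to build the image as root" >&2
        return 1
    fi
}

# Constructed stand-in for a freshly installed tree (not a real install):
# a machine-id is already present, as it would be after package installation.
make_sample_tree() {
    root=$1
    mkdir -p "$root/etc" "$root/var/lib/dbus"
    printf '%s\n' 'deadbeefdeadbeefdeadbeefdeadbeef' > "$root/etc/machine-id"
    cp "$root/etc/machine-id" "$root/var/lib/dbus/machine-id"
}

# Build-time step: /etc/machine-id stays present but empty (systemd and dbus
# treat an empty file as "generate on boot"); the dbus copy is removed so the
# tree contains nothing that differs between machines.
strip_machine_ids() {
    root=$1
    : > "$root/etc/machine-id"
    rm -f "$root/var/lib/dbus/machine-id"
}

# Install the first-boot hook. It accepts an optional root prefix so it can be
# exercised against a tree on the build host; on the target it runs with none.
install_first_boot() {
    root=$1
    mkdir -p "$root/usr/local/sbin"
    cat > "$root/usr/local/sbin/first-boot" <<'EOF'
#!/bin/sh
set -eu
r=${1:-}
if [ ! -s "$r/etc/machine-id" ]; then
    # 128-bit random id as 32 lowercase hex digits, the machine-id format.
    tr -dc 'a-f0-9' < /dev/urandom | head -c 32 > "$r/etc/machine-id"
    echo >> "$r/etc/machine-id"
fi
mkdir -p "$r/var/lib/dbus"
# dbus expects the same id as systemd; a symlink would serve as well.
[ -s "$r/var/lib/dbus/machine-id" ] || cp "$r/etc/machine-id" "$r/var/lib/dbus/machine-id"
EOF
    chmod 0755 "$root/usr/local/sbin/first-boot"
}

# Digest of every regular file under ROOT (relative path plus cksum of the
# content), so two builds can be compared for identity without root or mounts.
tree_digest() {
    root=$1
    find "$root" -type f | sort | while read -r f; do
        printf '%s ' "${f#"$root"}"
        cksum < "$f"
    done | cksum | cut -d' ' -f1
}

# Build-side pipeline for one tree: populate, strip identifiers, install hook.
prepare_tree() {
    root=$1
    make_sample_tree "$root"
    strip_machine_ids "$root"
    install_first_boot "$root"
}
```

Run `prepare_tree` twice into different directories and compare `tree_digest` for both: the stripped trees digest identically, and only after the first-boot hook runs on each do they diverge, which is the split between build-time reproducibility and per-machine state that the TODO item calls for.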