ci: Mount ephemeral volume for container storage

Without a specific volume mount, the Buildah working container will be
stored in the Jenkins pod container filesystem.  This not only affects
performance, but limits the size of the working container filesystem and
the final image, as the worker nodes do not have very much space for
container filesystems.  Thus, we need to mount an ephemeral Longhorn
volume in the job pod to provide more space to Buildah.

Using a read-only root filesystem helps ensure that no temporary data
get written to container storage.  This of course breaks the work-around
we had in place for overriding the broken default `storage.conf` in the
_buildah_ image, so we mount a _tmpfs_ filesystem at `/home/build` as a
different work-around.

ci/podTemplate.yaml

@@ -7,12 +7,12 @@ spec:
     - -c
     - |
       trap 'kill $!; exit' TERM
-      rm -f ~/.config/containers/storage.conf
       sleep infinity &
       wait
     securityContext:
       runAsUser: 1000
       runAsGroup: 1000
+      readOnlyRootFilesystem: true
     resources:
       limits:
         github.com/fuse: 1
@@ -21,5 +21,31 @@ spec:
       requests:
         cpu: 6
         memory: 8G
+    volumeMounts:
+    - mountPath: /home/build
+      name: tmp
+      subPath: home
+    - mountPath: /home/build/.local/share/containers
+      name: data
+      subPath: containers
+    - mountPath: /tmp
+      name: tmp
+      subPath: tmp
+    - mountPath: /var/tmp
+      name: data
+      subPath: tmp
   tolerations:
   - key: du5t1n.me/jenkins
+  volumes:
+  - name: data
+    ephemeral:
+      volumeClaimTemplate:
+        spec:
+          accessModes:
+          - ReadWriteOnce
+          resources:
+            requests:
+              storage: 10Gi
+  - name: tmp
+    emptyDir:
+      medium: Memory