Updating embedded OCI image does not update container

[troglobit]

One customer reports that updating an OCI image that is embedded in the Infix image, followed by upgrading a system with that new Infix image, does not upgrade the containers using that OCI image. This behavior appears counter intuitive and does not "feel in the spirit of Infix, e.g. the immutability aspects.".

The Infix core team agrees with this statement.

Other observations:

• The container "lifecycle" appears to users as disjunct from Infix startup-config
• Starting a container at boot should be same as at creation or when calling container upgrade ...
• Same with changes to Infix running-config, e.g., Container environment variables do not bite in container #822, container related changes should always be applied and restart the container

To achieve this the default behavior must change, i.e., no default writable layer by Podman:

infix/doc/container.md

Lines 86 to 92 in 032a51b

	The second create a container with a semi-persistent writable layer that
	survives container restarts and host system restarts. However, if you
	change the container configuration or upgrade the image (see below), the
	container will be recreated and the writable layer is lost. This is why
	it is recommended to set up a named volume for directories, or use file
	[Content Mounts](#content-mounts), in your container if you want truly
	persistent content.

Persistence can then be selectively applied to explicit container paths using volumes.