Use unshare instead of fakeroot + fakechroot

When trying to copy some of the code here to make my own images, I noticed that GIDs weren't being preserved correctly when running fakeroot, which is a documented limitation.

Instead of relying on patching libc functions, we can just use user namespaces instead, which are much more reliable and can fully preserve both UIDs and GIDs. While the NoExtract options prevent you from outright relying on pacman -Qkk fully passing, you can manually verify that this is more accurate.