feat(archroot): add support for optional systemd-nspawn arguments
Warning: this has security implications.
Allow passing of optional command line args to systemd-nspawn for makechrootpkg builds. The use case is to allow various test suites to benefit from greater coverage by selectively allowing syscalls and/or capabilities that would otherwise be blocked by the standard systemd-nspawn container.
Check the PKGBUILD for a special array variable _nspawn_opts=(). If present, use the contents as additional args to systemd-nspawn. For example:
_nspawn_opts=(--keep-unit --bind-ro=/dev/kvm --system-call-filter="munlockall @keyring")
would grant QEMU access to KVM acceleration inside the container and allow some syscalls required for make check to pass.
Note: Use of --keep-unit causes a harmless warning after 5f4fd52e:
"Machine and scope registration turned off, --slice= and --property= settings will have no effect."
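
Because a PKGBUILD can now loosen the build container, a build host may want to vet `_nspawn_opts` before the values reach systemd-nspawn. The sketch below is an added example, not part of this commit or of the project's code: the function names and the allowlist policy (only the three options from the commit's example) are assumptions to adapt locally.

```bash
# Added example: vet _nspawn_opts entries against a local allowlist before use.
# The policy values below are assumptions taken from the commit's own example.
ALLOWED_BIND_RO="/dev/kvm"
ALLOWED_SYSCALLS="munlockall @keyring"

# Succeeds only if every space-separated name in $1 is allowlisted.
# Runs in a subshell with globbing off so a value like "*" is not expanded.
check_syscall_filter() (
    set -f
    [ -n "$1" ] || exit 1
    for name in $1; do
        ok=0
        for allowed in $ALLOWED_SYSCALLS; do
            if [ "$name" = "$allowed" ]; then ok=1; fi
        done
        if [ "$ok" -ne 1 ]; then exit 1; fi
    done
    exit 0
)

# vet_nspawn_opts OPT...: returns 0 if every option passes the policy,
# 1 otherwise; each rejected option is reported on stderr.
# Only the --flag=value spelling is accepted, so a detached value
# (e.g. "--bind-ro" followed by a path) is rejected as unknown.
vet_nspawn_opts() {
    rc=0
    for opt in "$@"; do
        case "$opt" in
            --keep-unit) ;;
            --bind-ro=*)
                # Exact match also rejects "src:dest" remapping forms.
                [ "${opt#--bind-ro=}" = "$ALLOWED_BIND_RO" ] ||
                    { echo "rejected: $opt" >&2; rc=1; } ;;
            --system-call-filter=*)
                check_syscall_filter "${opt#--system-call-filter=}" ||
                    { echo "rejected: $opt" >&2; rc=1; } ;;
            *)
                echo "rejected: $opt" >&2; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed input: the array from the commit message, one element per option.
vet_nspawn_opts --keep-unit --bind-ro=/dev/kvm \
    "--system-call-filter=munlockall @keyring" && echo "options accepted"
```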