review new secure runner setup

We now have a hardware-based secure runner with virtualization support for virtual box and kvm and a secondary virtualized secure runner with no special access.

secure-runner1.archlinux.org (tags secure-virtualbox and secure-kvm) is the virtualization-support enabled one while secure-runner2.archlinux.org (tag secure-general) is the generic one. The latter has less attack surface and should be preferred for most projects.

This needs to be reviewed.