Add system for building image based OS

To provide a secure host, that is in large parts a read-only environment (see also !26 (merged)), we need to provide an image-based OS, which can update without direct manual intervention.

For this it is worth experimenting with mkosi, as it is likely to provide fully reproducible images with it.

The requirements for this system is to (on tag) build artifacts that can be used to a) create a new system from scratch and b) update an existing OS in an A/B setup.

The provided artifacts should provide OS images, that provide a read-only environment, with the exception of a read-writable partition, which may be used for bind-mounting override directories over the read-only system.