mwscript: Containerize MediaWiki script execution
(Rewrite of 9ba1949d)
(Revert of revert 8d4b4f6a)
Run all MediaWiki PHP scripts using Docker.
This will allow us to run certain scap commands in environments other
than the deployment host (such as release hosts) without installing a
large number of MediaWiki dependencies.
Provide a new mwscript module that implements mwscript and shell
execution using Docker.
The new mwscript.run and mwscript.run_shell functions call out to
scap mwscript and scap mwshell subcommands which in turn execute
mwscript and shell commands via Docker.
If the new docker_user configuration is set, the subcommands are
executed via sudo as that user. This extra layer of invocation allows
limited access to the Docker socket without granting full access to the
runtime user.
Refactor tasks and main modules to use mwscript.run and
mwscript.run_shell instead of sudo_check_call.
Bug: T369115