feat: add support for openedx/codejail-service

[MoisesGSalas]

This introduces support for https://github.com/openedx/codejail-service.

I decided to introduce a few variables that will only be available during the Ulmo release to ease the transition. Mainly CODEJAIL_USE_SERVICE_V2 that use the appropriate configuration for the new Django service and also build with the new dockerfile.

I took the Dockerfile from https://github.com/edx/public-dockerfiles/blob/main/dockerfiles/codejail-service.Dockerfile with some minor adjustements:

1. I moved around the cloning of the code and the sandbox dependencies to a scratch layer in order to break less layers of cache.
2. I used the jinja variables for some of the default values for the build arguments. Most of the time they will be enough, if needed you can further customize your build by adding the build arguments to the tutor command (e.g. tutor images build codejail -a SANDBOX_DEPS_SRC_FILE=release/quince.txt)
3. I modified the useradd command to include --no-log-init to avoid creating extremely large images (see: Fix: Large DEV Image overhangio/tutor#918).
4. I took the the apparmor profile in https://github.com/edx/public-dockerfiles/blob/main/apparmor/openedx_codejail_service.profile as is. The implication here is that the new service will only work on hosts with ubuntu 24.04 or later.

I tested this both on docker and kubernetes. Both hosts where using Ubuntu 24.04. I did two tests: I imported https://github.com/mitodl/mitx-grading-library/tree/master/course and check that a few units where working correctly. I also ran the tests in https://github.com/openedx/codejail-service/tree/main/api_tests and all of them passed.

[MoisesGSalas]

Hey @feanil, this are the changes that I made in order to support the new codejail-service made by 2U. I would say that the only thing to keep in mind would be forcing operators to run ubuntu 24.04, and also the 2U service is more strict regarding the AppArmor configuration, and won't even start if not properly secured.

FYI @timmc-edx

[timmc-edx]

Other compat notes: The 2U version also removes the unsafely option, and restricts the python_path and extra_files to take only a single optional file called python_lib.zip rather than arbitrary values/files.

[MoisesGSalas]

I merged this into the Ulmo branch.

I asked on the BTR slack channel for this changes and the CODEJAIL_USE_SERVICE_V2 setting to be enabled on the Ulmo sandbox and everything ran correctly.