Add worker-net parameter in configs

[floatdrop]

This would give a way to change NetworkMode in case of IPv6-only hosts to host mode (cont. of #573).

[floatdrop]

Any news on this?

[bradrydzewski]

Hey, sorry I didn't provide feedback sooner. Some thoughts below:

• net should be configured on a per-repository basis, in the yaml, instead of globally
• net should require a repository to have the privileged flag for security reasons
• net should be ignored when building pull requests from public repositories for security reasons

For example, it is possible that docker (drone.docker.io) could have private repositories where they want to use --host=net. However, they could have public repositories where they don't want --host=net by default. This is especially true for public repositories and pull requests, where someone could issue a malicious PR that exploits access to the host machines network.

Eventually I would like the .drone.yml to look like this:

docker:
  net: host
  username: foo
  password: bar # for download private images
  privileged: true
  ...

I also eventually want to change the Repo.Privileged to Repo.Trusted. If Repo.Trusted == false the build will ignore the --net and --privileged parameters in the .drone.yml

[floatdrop]

Sorry for closing previous PR too soon, I restored it - #588 (It has fix for privileged builds)