Currently, the network teardown logic assumes that once the network namespace is gone, we don't need to tear down the network again.
However, it doesn't work well with the current implementation of cri-containerd. Currently, cri-containerd creates a sandbox container for each sandbox and uses the network namespace of this container. But the problem is that, once the container dies, we'll not be able to find the network namespace by /proc/${PID}/ns/net.
So based on the current logic, once the sandbox container itself dies, we'll not be able to find the network namespace, and thus will not tear down the network for it. This will cause resource leakage.
We need to maintain a permanent network namespace for each sandbox, which is similar to cri-o.
We should remove the permanent network namespace as soon as we successfully tear down the network, so as to avoid multiple teardowns of the same network in most cases.
/cc @xlgao-zju
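
The two teardown strategies discussed in this issue, modelled as an added example that is not part of the original post or of cri-containerd's code. The function names, the `procRoot` parameter, the `teardownFn` type and the sample paths are assumptions made for illustration, and a plain file stands in for the pinned namespace so the sketch runs unprivileged.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// teardownFn stands in for the CNI teardown call (hypothetical).
type teardownFn func(netnsPath string) error

// stopPIDBased models the logic described in the issue: the namespace is
// looked up under <procRoot>/<pid>/ns/net, and a failed lookup skips teardown.
func stopPIDBased(procRoot string, pid int, teardown teardownFn) (bool, error) {
	p := filepath.Join(procRoot, fmt.Sprint(pid), "ns", "net")
	if _, err := os.Stat(p); err != nil {
		return false, nil // process exited: namespace unreachable, network leaks
	}
	return true, teardown(p)
}

// stopPinned models the proposal: the namespace lives at a path that outlives
// the sandbox process and is removed only after teardown succeeds. A real pin
// is a bind mount that must be unmounted; a plain file stands in here.
func stopPinned(pin string, teardown teardownFn) (bool, error) {
	if _, err := os.Stat(pin); os.IsNotExist(err) {
		return false, nil // pin already removed: an earlier teardown succeeded
	}
	if err := teardown(pin); err != nil {
		return false, err // keep the pin so a later retry still finds it
	}
	return true, os.Remove(pin)
}

func main() {
	dir, _ := os.MkdirTemp("", "netns-demo")
	defer os.RemoveAll(dir)
	pin := filepath.Join(dir, "sandbox-1") // constructed sample path
	os.WriteFile(pin, nil, 0o600)
	calls := 0
	td := func(string) error { calls++; return nil }
	// Sandbox process (constructed PID 4242) is already dead: no proc entry.
	ran, _ := stopPIDBased(dir, 4242, td)
	fmt.Println("PID-based teardown ran:", ran)
	ran, _ = stopPinned(pin, td)
	fmt.Println("pinned teardown ran:", ran)
	ran, _ = stopPinned(pin, td)
	fmt.Println("second pinned teardown ran:", ran, "calls:", calls)
}
```

A failed teardown leaves the pin in place, so a retry can still reach the namespace, while a successful one removes it and turns later calls into no-ops.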