container: replace code with securejoin.OpenInRoot()

when the code was first added, there was no securejoin.OpenInRoot().
Since there is a function already provided by a dependency and already
used in libpod, replace the custom code with securejoin.OpenInRoot().

The new version does not report a symlink that points outside the
root, but it is still resolved relative to the specified mountpoint,
since that is the openat2 semantic.  It does not affect the security
of the function.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

test/e2e/play_kube_test.go

@@ -5545,7 +5545,7 @@ spec:
 
 		playKube := podmanTest.Podman([]string{"kube", "play", kubeYaml})
 		playKube.WaitWithDefaultTimeout()
-		Expect(playKube).Should(ExitWithError(125, fmt.Sprintf(`subpath "testing/onlythis" is outside of the volume "%s/root/volumes/testvol/_data`, podmanTest.TempDir)))
+		Expect(playKube).Should(ExitWithError(125, fmt.Sprintf("securejoin.OpenInRoot testing/onlythis: openat2 %s/root/volumes/testvol/_data/testing/onlythis: no such file or directory", podmanTest.TempDir)))
 	})
 
 	It("with unsafe hostPath subpaths", func() {
@@ -5559,9 +5559,7 @@ spec:
 		err = generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(Not(HaveOccurred()))
 
-		playKube := podmanTest.Podman([]string{"kube", "play", kubeYaml})
-		playKube.WaitWithDefaultTimeout()
-		Expect(playKube).Should(ExitWithError(125, fmt.Sprintf(`subpath "testing/symlink" is outside of the volume "%s"`, hostPathLocation)))
+		podmanTest.PodmanExitCleanly("kube", "play", kubeYaml)
 	})
 
 	It("with configMap subpaths", func() {