Trusted Plugin Volume Mounts

[dvjn]

It would be great if there was a way for the admin to configure which plugins are trusted to mount which paths as volumes without needing to mark each repo as trusted.

For eg, a docker build plugin is trusted to mount docker socket, a cache plugin is trusted to mount cache path, and so on.

I suggest a new configuration WOODPECKER_PLUGINS_TRUSTED_VOLUME_MOUNTS (similar to WOODPECKER_PLUGINS_TRUSTED_CLONE in #4074 and WOODPECKER_PLUGINS_PRIVILEGED in #4053).

But, instead of a list, I would suggest to define key value pairs, for eg: woodpeckerci/plugin-docker-buildx=/var/run/docker.sock;my-cache-plugin=/cache

This means the admin need not mark whole repos as trusted and instead could just mark a few plugins paths combinations as trusted.