The current client implementation relies on materials injected into the image and runs from an init script. It would be more streamlined, and simpler to adopt, if the Pollendina client ran during a pre-launch hook instead.
This becomes especially important for key storage. The new native client attempts to mount tmpfs at the key location, which keeps the key from ever being written to disk. However, in order to use mount, the container needs CAP_SYS_ADMIN. I'm not sure if I'd consider running an application container with CAP_SYS_ADMIN or storing the key on disk more insecure (actually, given the nature of the system and the design for short-lived services, CAP_SYS_ADMIN carries the greater risk).
In an ideal world, a Docker container build hook of some sort would let us create the tmpfs mount as the daemon and inject it beforehand.
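The trade-off above (let the container mount tmpfs itself with CAP_SYS_ADMIN, or have the daemon create the mount and keep the capability out of the container) can be enforced from the client side with a pre-flight check. The script below is an added example written for this note, not Pollendina's own code: it checks that the key directory is itself a tmpfs mount and that the container does not hold CAP_SYS_ADMIN (capability number 21 in the `CapEff` mask of `/proc/self/status`), and refuses to proceed otherwise. The key location `/run/pollendina`, the `check` argument and the embedded `/proc/self/mountinfo` excerpt are assumptions constructed for the example. The `--tmpfs` flag of `docker run` shown in the comments is a real Docker option and gives the daemon-created mount the text asks for.

```shell
#!/bin/sh
# Added example (not Pollendina's own code). Pre-flight checks an init script
# or pre-launch hook can run before a private key is written: the key
# directory must be a tmpfs mount, and the container must not hold
# CAP_SYS_ADMIN. KEY_DIR and the mountinfo sample below are assumptions.

KEY_DIR="${KEY_DIR:-/run/pollendina}"   # assumed key location

# Two ways to end up with a tmpfs at KEY_DIR (both are real docker run flags):
#   weak:   docker run --cap-add SYS_ADMIN ... image
#           (the client then runs: mount -t tmpfs -o size=1m tmpfs /run/pollendina)
#   better: docker run --tmpfs /run/pollendina:rw,noexec,nosuid,nodev,size=1m ... image
#           (the daemon creates the mount; the container keeps the default capability set)

# has_cap_sys_admin HEXMASK -> exit 0 if CAP_SYS_ADMIN (capability 21) is set
# in a CapEff value as printed in /proc/self/status (e.g. 00000000a80425fb).
has_cap_sys_admin() {
    capmask=$(printf '%d' "0x$1")
    [ $(( (capmask >> 21) & 1 )) -eq 1 ]
}

# fstype_of_mountpoint PATH < mountinfo -> prints the filesystem type of the
# mount whose mount point is exactly PATH (prints nothing if PATH is not a
# mount point). mountinfo line format:
#   ID PARENT MAJ:MIN ROOT MOUNTPOINT OPTS [optional fields...] - FSTYPE SOURCE SUPEROPTS
fstype_of_mountpoint() {
    awk -v mp="$1" '$5 == mp { for (i = 7; i <= NF; i++) if ($i == "-") { print $(i + 1); exit } }'
}

# key_dir_is_tmpfs PATH < mountinfo -> exit 0 only if PATH is itself a tmpfs mount.
# A directory merely beneath some tmpfs mount is rejected on purpose: the check
# is about the mount created for the key, not an inherited one.
key_dir_is_tmpfs() {
    [ "$(fstype_of_mountpoint "$1")" = "tmpfs" ]
}

# Constructed /proc/self/mountinfo excerpt for offline use: one tmpfs mount at
# the key location and one ext4 mount elsewhere.
SAMPLE_MOUNTINFO='22 29 0:21 / /run/pollendina rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,size=1024k
25 29 8:1 / /var/lib/pollendina rw,relatime - ext4 /dev/sda1 rw,data=ordered'

# preflight: run the live checks inside the container. A non-zero exit means
# the key must not be written here.
preflight() {
    capeff=$(awk '/^CapEff:/ { print $2 }' /proc/self/status)
    if has_cap_sys_admin "$capeff"; then
        echo "refusing: container holds CAP_SYS_ADMIN (CapEff=$capeff)" >&2
        return 1
    fi
    if ! key_dir_is_tmpfs "$KEY_DIR" < /proc/self/mountinfo; then
        echo "refusing: $KEY_DIR is not a tmpfs mount; the key would land on disk" >&2
        return 1
    fi
    echo "ok: $KEY_DIR is tmpfs and CAP_SYS_ADMIN is absent"
}

# Usage inside the container: ./preflight.sh check && write-key ...
if [ "${1:-}" = "check" ]; then
    preflight
fi
```

With Docker's default capability set the `CapEff` mask is `00000000a80425fb`, which has bit 21 clear; `--cap-add SYS_ADMIN` flips it to `00000000a82425fb` and the check refuses. Reading `/proc/self/mountinfo` rather than trusting the mount command's own exit status also catches the case where the key directory exists on the image's writable layer but was never mounted at all.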