prevent deletion of swarm infra containers

Magnum swarm cluster creates couple of infrastructure containers as part of cluster creation(swarm-manager container and swarm-agent container). User can accidentally delete infrastructure containers from the bay/cluster.

This blueprint is to implement a feature to prevent accidental deletion of infrastructure containers from bay/cluster. Probably we need to implement a docker authorization plugin that returns error message when user tries to delete infra containers.

Implementation Idea:
Docker introduced authorization plugin support in docker version 1.10. Authorization plugin details can be found at https://docs.docker.com/engine/extend/plugins_authorization/ (To know more about authorization plugin model, please look at the sequence diagrams).

Docker authorization plugin can approve or deny requests to the Docker daemon based some logic
(Sample authorization plugin that provide rule based authorization can be found at https://github.com/twistlock/authz).

Magnum can implement a docker authorization plugin that rejects/denies pre-defined infra container deletion. Since docker is written in GO, probably it is easy to implement the authorization plugin in GO language as well (but technically it is possible to implement the plugin in other languages as well).

Plugin installation options:
1. Pre-install docker authorization plugin on the image
2. Download the authorization plugin on cluster creation and install
3. Download the authorization plugin source code on cluster creation and then build and install