provisioner: augment Networks config from caller when -unsafe (#411)

Currently container instances are hard-coded to join a single network,
the network associated with the session.

This change allows the caller of CreateInstance to specify which
additional networks should be joined. This is useful, for example, when
a container instance requires access to additional "backend" services
that may be running.

There are security implications associated with this change, hence the
additional networks are only joined when a new -unsafe flag is
specified. It is hoped the name is a sufficient indicator that thought
needs to go into using it.
Paul Jolly
2020-09-04 13:46:31 +01:00
committed by GitHub
parent 78e9689249
commit 681de41e0a
4 changed files with 28 additions and 3 deletions

@@ -2,6 +2,7 @@ package config
import (
"flag"
"os"
"regexp"
"github.com/gorilla/securecookie"
@@ -30,6 +31,11 @@ var ForceTLS bool
var SecureCookie *securecookie.SecureCookie
var AdminToken string
// Unsafe enables a number of unsafe features when set. It is principally
// intended to be used in development. For example, it allows the caller to
// specify the Docker networks to join.
var Unsafe bool
var PlaygroundDomain string
var SegmentId string
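Review bot: The doc comment on `Unsafe` says it "enables a number of unsafe features" but names only one, so a single boolean becomes a catch-all gate whose scope can grow without the operator noticing. Either list every behaviour the flag enables in this comment and keep that list current, or gate the network-joining behaviour on a narrower, specifically named setting so that enabling it does not implicitly opt in to whatever is added later.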
@@ -60,6 +66,8 @@ func ParseFlags() {
flag.StringVar(&SegmentId, "segment-id", "", "Segment id to post metrics")
flag.BoolVar(&Unsafe, "unsafe", os.Getenv("PWD_UNSAFE") == "true", "Operate in unsafe mode")
flag.Parse()
SecureCookie = securecookie.New([]byte(CookieHashKey), []byte(CookieBlockKey))
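Review bot: The default for `-unsafe` is taken from `os.Getenv("PWD_UNSAFE") == "true"`, yet the usage string "Operate in unsafe mode" does not mention that variable, so unsafe mode can be switched on by an inherited environment with nothing on the command line to show it. Suggest naming `PWD_UNSAFE` in the usage text and logging a prominent warning right after `flag.Parse()` whenever `Unsafe` is true, so the state is visible in startup logs. The exact match on "true" means values such as "1" or "TRUE" are silently treated as false; that fails safe, but it is worth stating in the help text.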