Configures zshot to run inside a container. It is a shorthand for our current container guidance, so prefer it over setting the individual switches yourself; its effects may grow over time.
Today it:
- Disables the Chromium sandbox (equivalent to --no-sandbox), because the kernel facilities the sandbox needs are not granted by default in a container.
- Sets --disable-dev-shm-usage, so Chromium routes shared memory to a temp file instead of /dev/shm, which is small by default in most container runtimes.
- On Linux, falls back to software rendering when no GPU is available.
Because it disables the sandbox, it prints the same security warning as --no-sandbox (suppress with --quiet).
GPU detection keys on a DRM render node at /dev/dri/renderD*. To use a GPU in the container, map one in with --device /dev/dri. A setup that exposes only /dev/nvidia* without a render node falls back to software rendering; pass --software-rendering to force it explicitly, which always overrides the auto-detection.
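
A preflight check that mirrors the detection rule described above, added here as an example and not zshot's own code. The function names and the DEV_ROOT override are hypothetical, and the check assumes detection depends only on the presence of a render node, as stated.

```shell
#!/bin/sh
# Added example: approximates the documented rule, not zshot's implementation.
# DEV_ROOT (hypothetical) lets the check run against a constructed tree
# instead of the real /dev.

# any_exists PATH... -> exit 0 if at least one argument exists.
# An unmatched glob is passed through literally, so each one is tested.
any_exists() {
    for p in "$@"; do
        [ -e "$p" ] && return 0
    done
    return 1
}

has_render_node() { any_exists "$1"/dri/renderD*; }
has_nvidia_node() { any_exists "$1"/nvidia*; }

# render_mode DEV_ROOT [FORCE_SOFTWARE] -> prints "gpu" or "software"
render_mode() {
    # --software-rendering always overrides the auto-detection.
    if [ "${2:-0}" = 1 ]; then
        echo software
    elif has_render_node "$1"; then
        echo gpu
    else
        echo software
    fi
}

# explain DEV_ROOT -> one-line diagnosis of what the container exposes
explain() {
    if has_render_node "$1"; then
        echo "render node present: GPU rendering available"
    elif has_nvidia_node "$1"; then
        echo "only /dev/nvidia* mapped, no render node: software fallback; map one in with --device /dev/dri"
    else
        echo "no GPU devices mapped: software fallback"
    fi
}

# Stand-alone run: diagnose the current container.
explain "${DEV_ROOT:-/dev}"
```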