basic sanity check to prevent anybody from registering and running a
cryptominer or similar BS in CI.
note:
any new users in need of access to CI are encouraged to leave us a PR
with appropriate changes to this config line for review
* add drone.slice (control resource usage)
* restrict what can be accessed by the service
* adjust IO priority and NICEness of processes created within the
service
* use "-p" with docker-compose invocation to specify a project that the
newly-spawned containers belong to (best practice)
* add commented override