[bug#69131] [PATCH 2/2] gnu: podman: Update to 4.9.3.

[Skyler Ferris via Guix-patches via <guix-patches@gnu.org>]

"Update podman" review notes:

The following checklist is based on the items listed in the manual (22.7 
"Submitting Patches"). Each checklist item may have one of the following 
statuses:

C: Commitable. This item looks as expected for a final commit.
CC: Commitable with Context. Like commitable, but some notes have been 
added providing context about anything notable or unusual. These notes 
are provided for transparency or to set expectations for the committer 
and should not be interpreted as meaning that I object to the patch.
MR: Minor Repair. There is something about the patch which I think 
should ideally be changed, but I do not think that the commit should be 
held up for this reason alone.
A: Attention. Something in the patch needs attention from the author, 
the committer, or both. Resolving the matter may or may not require a 
change to the patch.
Blank: I did not review this aspect of the patch.

[CC] Applies cleanly (commit bd87416648929f38c0173f047776d7675ea8a10d, 
after applying the previous commit in this series)
[CC] Cryptographic hash
[C ] Synopsis & Description
[C ] Package license matches source license
[C ] No compiler warnings
[CC] `guix lint` output
[CC] `guix style` output
[C ] Package builds (my host is an x86_64 Xen guest)
[  ] Builds for other architectures
[  ] No bundled software
[CC] Works in container with minimal inputs
[C ] `guix size` output
[CC] Dependent packages (`guix refresh --list-dependent PACKAGE`)
[C ] `guix build --rounds=2`
[C ] Gender-neutral wording
[C ] One set of related changes
[  ] Simulated guix pull

# Applies Cleanly
Git reported that there were some "whitespace errors" due to spaces 
before tabs. This is because the commit includes a new patch and the 
patch applies to a file that uses tabs. The diff format requires that a 
space appears before the tabs, so this error is erroneous.

# Cryptographic hash
A key with a fingerprint of 968479a1aff927e37d1a566bb5690eeebb952194 
verified a checkout that hashes to the same value as found in the 
package. This key is listed on the Ubuntu keyserver 
(https://keyserver.ubuntu.com/pks/lookup?search=B5690EEEBB952194&fingerprint=on&op=index) 
with two signatures from other keys. One of them is a key that only has 
a self-signature, the other has a large number of other signatures and 
claims to belong to Andy Brody 
(https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0xc7090b1a5f57cdc5). 
The key was not found on the OpenPGP keyserver. The only UID attached to 
the key is "GitHub <noreply@github.com>", implying that the GitHub 
server is ultimately responsible for maintaining source integrity.

# guix lint output
Guix lint reports 2 issues neither of which require action.

It states that the new version is "probably vulnerable to 
CVE-2022-2989". However, the discussion at 
https://bugzilla.redhat.com/show_bug.cgi?id=2121445 indicates that fix 
is implemented by 
https://github.com/containers/podman/pull/15696/commits/21540161f20daffd884eba99b2cc31373c9a0ec4. 
My copy of the checkout contains commit 
d82a41687e614d9ac8b2d169dee47fe226835e4c which has an identical diff.

It also states that line 396 is too long, but this is due to a long 
string which consists of a single "word" (a path).

# guix style output
The tool wants to change the formatting of the majority of lines in this 
package, which were not changed in this patch, leading to a much larger 
diff than what has been submitted.

# Container with minimal inputs
I ran the following command:

```
$ ./pre-inst-env guix shell -C podman -- podman ps
```

This caused podman to print 2 warnings and 1 error in addition to the 
header line for containers (as I do not have any containers on my 
system, I expected the remaining output to be blank). The warnings & 
error were related to "/" not being a shared mount (it's not) and 
operating in rootless mode (the output made sense based on rootless.md 
in the root of the repository).

# Dependent packages
There is one dependent package, distrobox, which continues to build 
successfully after applying this patch.