
Dockerfile: update runc binary to 1.1.15 #5417

Closed
austinvazquez wants to merge 1 commit into moby:master from austinvazquez:update-runc-1.1.15


@austinvazquez austinvazquez commented Oct 9, 2024

diff: opencontainers/runc@v1.1.14...v1.1.15

Release Notes:

  • The -ENOSYS seccomp stub is now always generated for the native
    architecture that runc is running on. This is needed to work around some
    arguably specification-incompliant behaviour from Docker on architectures
    such as ppc64le, where the allowed architecture list is set to null. This
    ensures that we always generate at least one -ENOSYS stub for the native
    architecture even with these weird configs.
  • On a system with an older kernel, reading /proc/self/mountinfo may skip some
    entries; as a consequence, runc may not properly set mount propagation,
    causing container mounts to leak onto the host mount namespace.
  • In order to fix performance issues in the "lightweight" bindfd protection
    against [https://github.com/advisories/GHSA-gxmr-w5mj-v8hh], the temporary ro bind-mount of /proc/self/exe
    has been removed. runc now creates a binary copy in all cases.

Signed-off-by: Austin Vazquez <macedonv@amazon.com>
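
The second release note turns on mount propagation, which the kernel reports in the optional fields of /proc/self/mountinfo. As an added example (not part of this pull request or of runc's code), this Go program classifies each entry so that mounts under a container rootfs that are still in a shared peer group can be reviewed; the sample lines, the /run/ctr/rootfs path and the function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample in /proc/self/mountinfo format; IDs and paths are made up.
const sample = `45 22 0:40 / /run/ctr/rootfs rw,relatime shared:7 - overlay overlay rw
46 45 0:41 / /run/ctr/rootfs/proc rw,nosuid - proc proc rw
47 45 0:42 / /run/ctr/rootfs/data rw master:7 - tmpfs tmpfs rw`

type Mount struct{ Point, Propagation string }

// parseMountinfo classifies each mount from its optional fields (field 7 up to "-").
func parseMountinfo(data string) (out []Mount, err error) {
	for n, line := range strings.Split(strings.TrimSpace(data), "\n") {
		f := strings.Fields(line)
		prop, sep := "private", false
		for i := 6; i < len(f) && !sep; i++ {
			if f[i] == "-" {
				sep = true
			} else if strings.HasPrefix(f[i], "shared:") {
				prop = "shared" // peer group: mounts made here propagate to peers
			} else if strings.HasPrefix(f[i], "master:") && prop != "shared" {
				prop = "slave" // receives events from its master, sends none back
			}
		}
		if !sep {
			return nil, fmt.Errorf("line %d: no \"-\" separator after optional fields", n+1)
		}
		out = append(out, Mount{f[4], prop})
	}
	return out, nil
}

// sharedUnder lists mount points under prefix that are still in a shared peer group.
func sharedUnder(mounts []Mount, prefix string) (hits []string) {
	for _, m := range mounts {
		if m.Propagation == "shared" && strings.HasPrefix(m.Point, prefix) {
			hits = append(hits, m.Point)
		}
	}
	return hits
}

func main() {
	mounts, err := parseMountinfo(sample)
	fmt.Println(sharedUnder(mounts, "/run/ctr/rootfs"), err)
}
```

A mount that carries both `shared:` and `master:` tags is reported as shared here, since it still propagates to its peers.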

austinvazquez commented Oct 9, 2024

Opening prematurely to test if any issues with runc/containerd integration with buildkit. moby usually waits to consume runc release once containerd has vetted it. containerd 1.6 CI (containerd/containerd#10795) has exposed an issue with runc v1.1.15 with cgroupfs driver.

@austinvazquez

1.2 is out. Closing in favor of that.
