Mount /home/tex in an anonymous volume

When we mount the container's root filesystem as read-only, mount
an anonymous volume in /home/tex so that it's writable. Our TeX Live
images have cached content in /home/tex. This content will automatically
get copied by Docker into this anonymous volume.

services/clsi/app/js/DockerRunner.js

@@ -277,6 +277,7 @@ const DockerRunner = {
     if (Settings.clsi.docker.Readonly) {
       options.HostConfig.ReadonlyRootfs = true
       options.HostConfig.Tmpfs = { '/tmp': 'rw,noexec,nosuid,size=65536k' }
+      options.Volumes['/home/tex'] = {}
     }
 
     // Allow per-compile group overriding of individual settings
@@ -519,7 +520,7 @@ const DockerRunner = {
   _destroyContainer(containerId, shouldForce, callback) {
     logger.log({ containerId }, 'destroying docker container')
     const container = dockerode.getContainer(containerId)
-    container.remove({ force: shouldForce === true }, (error) => {
+    container.remove({ force: shouldForce === true, v: true }, (error) => {
       if (error != null && error.statusCode === 404) {
         logger.warn(
           { err: error, containerId },

services/clsi/test/unit/js/DockerRunnerTests.js

@@ -802,7 +802,7 @@ describe('DockerRunner', function () {
         (err) => {
           this.fakeContainer.remove.callCount.should.equal(1)
           this.fakeContainer.remove
-            .calledWith({ force: true })
+            .calledWithMatch({ force: true })
             .should.equal(true)
           return done()
         }
@@ -816,7 +816,7 @@ describe('DockerRunner', function () {
         (err) => {
           this.fakeContainer.remove.callCount.should.equal(1)
           this.fakeContainer.remove
-            .calledWith({ force: false })
+            .calledWithMatch({ force: false })
             .should.equal(true)
           return done()
         }