Isolate $HOME directory via snapshot and overlay

[buzmeg]

Is your feature request related to a problem? Please describe.
Lots of people are complaining about not being able to isolate $HOME as effectively as the operating system itself.

See: #183 #348 #1470

I'm no different. Overriding $HOME and using aliases eases some of the pain, but they're just papering over the underlying problem that people want some level of immutability around their $HOME directory.

Describe the solution you'd like
What I would like to be able to do is:

1. Snapshot $HOME upon creation of the toolbox
2. All changes to $HOME should either be to that snapshot or (preferably) a toolbox specific overlay on top of that snapshot.

This consolidates the use cases that I can see:

1. Existing standard -- $HOME shared between host and toolbox via underlying filesystem
2. Existing overridden -- $HOME gets set by host and carried into toolbox via underlying filesystem
3. Blank $HOME to same directory name as host--toolbox is accessing an overlay with no underlying snapshot
4. Populated $HOME to same directory name as host--toolbox is accessing an overlay with a snapshot of host $HOME

Note that an overlay should allow other cases as well:
5) Blank $HOME to overridden directory name--toolbox is still just accessing an overlay with no underlying snapshot
6) Populated $HOME to overridden directory name as host--toolbox is accessing an overlay with a snapshot of overridden $HOME
7) Purely immutable or resettable $HOME--snapshot access only

Additional context
Another advantage would be that the host can copy files into the toolbox by copying them to the toolbox overlay. This would make setting up a toolbox extremely repeatable (especially if the initial snapshot was blank).

Thanks.