feat(settings): introduce setting to disable container caps for non-admins (#4109) (#4510)

* feat(settings): introduce settings to allow/disable

* feat(settings): update the setting

* feat(docker): prevent user from using caps if disabled

* refactor(stacks): revert file

* style(api): remove portainer ns

api/http/handler/stacks/create_compose_stack.go

@@ -338,7 +338,9 @@ func (handler *Handler) deployComposeStack(config *composeStackDeploymentConfig)
 	if (!settings.AllowBindMountsForRegularUsers ||
 		!settings.AllowPrivilegedModeForRegularUsers ||
 		!settings.AllowHostNamespaceForRegularUsers ||
-		!settings.AllowDeviceMappingForRegularUsers) && !isAdminOrEndpointAdmin {
+		!settings.AllowDeviceMappingForRegularUsers ||
+		!settings.AllowContainerCapabilitiesForRegularUsers) &&
+		!isAdminOrEndpointAdmin {
 
 		composeFilePath := path.Join(config.stack.ProjectPath, config.stack.EntryPoint)