In  we discussed removing the nullwrap option because it is an
important line of defense in Zuul security. It is also not a
full-featured execution wrapper (it doesn't support secrets).
This removes the configuration option, and the documentation, except
to indicate that bubblewrap is required, and if folks have problems
with it, contact us.
Nullwrap itself is not removed as it may prove useful in the future
and is currently used in the setup phase of the job where we must
not use bubblewrap in order to establish the long-running ssh control