landlock: start project, add roadmap doc

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>

projects/landlock/roadmap.md

@@ -0,0 +1,22 @@
+# Landlock LSM
+
+[Landlock](https://lwn.net/Articles/698226/) is a Linux Security Module currently under development by Mickaël Salaün (@l0kod). Landlock is based on eBPF,
+extended Berkeley Packet filters (see [ebpf project](../ebpf/roadmap.md)), to attach small programs to hooks in the kernel.
+
+These eBPF programs provide context that can allow for very robust decision-making when integrated with LSM hooks.
+In particular, this lends itself very nicely to container-based environments.
+One such example is that Landlock could be used to write policies to restrict containers from accessing file descriptors they do
+not own, acting as a last line of defense to restrict container escapes, 
+
+Landlock is stackable on top of other LSMs, like SELinux and Apparmor.
+
+
+## Roadmap
+
+**Near-term:**
+- We will carry the Landlock patches in a `kernel-landlock` image for people to test, and update them continuously
+- Draft and include a simple Landlock policy that can be demonstrated with the current patch-set, to show an example
+- Offer design and code review help on Landlock, using Moby as a test-bed
+
+**Long-term:**
+- Develop a robust container-minded Landlock policy, and include it in Moby by default