docker: clamp CPU shares to minimum of 2

[tgross]

In #25963 we added normalization of CPU shares for large hosts where the total compute was larger than the maximum CPU shares. But if the result after normalization is less than 2, runc will have an integer overflow. We prevent this in the shared executor for the exec/rawexec driver by clamping to the safe minimum value. Do this for the docker driver as well and add test coverage of it for the shared executor too.

Fixes: #26080
Fixes: https://hashicorp.atlassian.net/browse/NMD-858
Ref: #25963

Contributor Checklist

• Changelog Entry If this PR changes user-facing behavior, please generate and add a
  changelog entry using the make cl command.
• Testing Please add tests to cover any new functionality or to demonstrate bug fixes and
  ensure regressions will be caught.
• Documentation If the change impacts user-facing functionality such as the CLI, API, UI,
  and job configuration, please update the Nomad website documentation to reflect this. Refer to
  the website README for docs guidelines. Please also consider whether the
  change requires notes within the upgrade guide.

Reviewer Checklist

• Backport Labels Please add the correct backport labels as described by the internal
  backporting document.
• Commit Type Ensure the correct merge method is selected which should be "squash and merge"
  in the majority of situations. The main exceptions are long-lived feature branches or merges where
  history should be preserved.
• Enterprise PRs If this is an enterprise only PR, please add any required changelog entry
  within the public repository.

[tgross]

Just for my peace of mind I ran a half hour of fuzz testing and tested a few big 10k integer windows of requests vs every value for the total from hw.MHz(1) to hw.MHz(5_000_000), and all the values fall into the acceptable range.