Currently we allow two volumes to have the same container_path. The bind-mount of a later volume would overwrite that of an earlier one.
However, if the two volumes are file-based secrets, the containerizer will generate pre-exec commands similar to the following:
The second mv would rename secret2 to source, but target remains bounded to the gone secret1, and this would make the last mount result in an ENOENT.
In general, allowing multiple with the same container_path is not useful, so we should disallow it and validate that in advance instead of getting a failure during container launch.