Mesos fetcher should use agent's credential to fetch artifacts.

When launching a container, Mesos setuid to the task's credential before fetching the artifacts into the executor sandbox. However, if any directory in the sandbox path forbids 'x' mode for the task's credential, the fetcher won't be able to store the artifact into the sandbox, but instead get an EACCES from https://github.com/apache/mesos/blob/master/3rdparty/stout/include/stout/net.hpp#L214

We should use the agent's credential to fetch the artifacts, chown them, then setuid.