[enhancement]: Allow only container jobs for self-hosted agents for increased security. #4653

Open

Description

Describe your feature request here

It seems like the secure way to deploy a self-hosted agent is to loop infinitely through creating Docker containers with `--once`, in which Docker-in-Docker is then used by the agent to subsequently create other Docker containers.

What if we had an option to allow only container jobs, making it possible to run the agent on the host without `--once`, with the agent making sure that only containerized jobs can be executed?

As a person not involved deeply with this project, it seems like just raising an error in https://github.com/microsoft/azure-pipelines-agent/blob/master/src/Agent.Worker/ExecutionContext.cs#L575 could work, but I guess this would require some other workarounds.

Or is there another simple method one can use to deploy an agent that doesn't let a pipeline definition access/modify any files in the host?
