Add --net=none to disable networking for Docker containers by default.

Author: Peter Amstutz

cwltool/job.py

@@ -67,6 +67,7 @@ def run(self, dry_run=False, pull_image=True, rm_container=True, rm_tmpdir=True,
             runtime.append("--volume=%s:%s:rw" % (os.path.abspath(self.tmpdir), "/tmp"))
             runtime.append("--workdir=%s" % ("/var/spool/cwl"))
             runtime.append("--read-only=true")
+            runtime.append("--net=none")
             euid = docker_vm_uid() or os.geteuid()
             runtime.append("--user=%s" % (euid))