Using secure memory enclaves from the context of process containers

What is claimed is: 1. A computing system comprising: one or more processors; and one or more computer-readable storage medium having stored computer executable instructions which are executable by the one or more processors for configuring the computing system to implement a method for performing attestation for a container-based memory enclave, and by at least configuring the computing system to: identify one or more containers of the container-based memory enclave, each of the one or more containers being configured to reference enclave memory residing in a security domain that is different than a first security domain of the host system and using a security component for attesting to a particular security configuration for the enclave memory, the security component being loaded at a memory address of the host system and being linked to by one or more references to the security component at the one or more containers; obtain a single attestation report from a remote attestation service regarding security guarantees of a security configuration of the one or more containers based on the security component; identify one or more subsequent requests to attest to the security guarantees for the one or more containers in the single attestation report; and attest to the security guarantees for the one or more containers based on the single attestation report while preventing the one or more subsequent requests from being routed to the remote attestation service. 2. The computing system of claim 1 , wherein the executable instructions which are further executable by the one or more processors for configuring the computing system to attest to the security guarantees for a plurality of containers that each include a reference to the security component loaded at the memory address of the host system based on the single attestation report. 3. The computing system of claim 2 , wherein the single attestation report is obtained in response to a request to attest to a security guarantee of a different container having a reference to the security component loaded at the address of the host. 4. The computing system of claim 1 , wherein the executable instructions are further executable by the one or more processors for configuring the computing system to: receive a new attestation request for a particular container having allocated enclave memory, which is generated subsequent to a reallocation of the allocated enclave memory for the container. 5. The computing system of claim 1 , wherein the executable instructions are further executable by the one or more processors for configuring the computing system to: validate integrity of the container and issuing a new attestation report without requiring the new attestation request to be submitted to a remote attestation service. 6. The computing system of claim 1 , wherein the executable instructions are further executable by the one or more processors for configuring the computing system to: monitor container state and disable a container that is determined to be compromised. 7. The computing system of claim 1 , wherein the executable instructions are further executable by the one or more processors for configuring the computing system to: upon receiving a new subsequent attestation request, determine an attribute of a particular container associated with the new subsequent attestation request; and deterministically routing the new subsequent attestation request to a remote service based on the attribute of the particular container. 8. The computing system of claim 7 , wherein the attribute of the particular container comprises a longevity of the container and a first set of containers have a relatively greater longevity than a second set of containers, wherein one or more container attestation requests associated with the first set of containers are routed to the remote service, while one or more attestation report is generated for each of the second set of containers, including the new subsequent, which have a relatively shorter longevity than the first set of containers, without routing one or more container attestation requests associated with the second set of containers to the remote service. 9. The computing system of claim 1 , wherein the executable instructions are further executable by the one or more processors for configuring the computing system to: upon receiving a subsequent container attestation request, determine an attribute of a particular container associated with the subsequent container attestation request; and generate an attestation report without routing the subsequent container attestation request to the remote service, based at least in part on the attribute of the particular container. 10. The computing system of claim 9 , wherein the executable instructions are further executable by the one or more processors for configuring the computing system to: intercept the subsequent container attestation request and to generate the attestation report without routing the subsequent container attestation request to the remote service, in response to determining that the subsequent container is provisioned from a same container image that was used to provision the one or more containers corresponding to the single attestation report, as well as in response to determining that the single attestation report was received prior to the subsequent container attestation request. 11. A method implemented by a computing system for performing attestation for a container-based memory enclave, the method including the computing system: identifying one or more containers of the container-based memory enclave, each of the one or more containers being configured to reference enclave memory residing in a security domain that is different than a first security domain of the host system and using a security component for attesting to a particular security configuration for the enclave memory, the security component being loaded at a memory address of the host system and being linked to by one or more references to the security component at the one or more containers; obtaining a single attestation report from a remote attestation service regarding security guarantees of a security configuration of the one or more containers based on the security component; identifying one or more subsequent requests to attest to the security guarantees for the one or more containers in the single attestation report; and attesting to the security guarantees for the one or more containers based on the single attestation report while preventing the one or more subsequent requests from being routed to the remote attestation service. 12. The method of claim 11 , wherein the method further includes the computing system attesting to the security guarantees for a plurality of containers that each include a reference to the security component loaded at the memory address of the host system based on the single attestation report. 13. The method of claim 12 , wherein the single attestation report is obtained in response to a request to attest to a security guarantee of a different container having a reference to the security component loaded at the address of the host. 14. The method of claim 11 , wherein the method further includes the computing system: receiving a new attestation request for a particular container having allocated enclave memory, which is generated subsequent to a reallocation of the allocated enclave memory for the container. 15. The method of claim 11 , wherein the method further includes the computing system: alidating integrity of the container and issuing a new attestation re