The plugin checks for `containerId.isPresent()`, then tries to mount all volumes mounted on the Jenkins container on the new Job container.
This is exactly what I want to prevent since it poses a huge attack surface for untrusted code.
https://github.com/jenkinsci/docker-workflow-plugin/blob/1089131014350e11adfa364d34e7717954350261/src/main/java/org/jenkinsci/plugins/docker/workflow/WithContainerStep.java#L168
Suggestion: make this behaviour configurable.