add support for guarding pipestream with NO_NEW_PRIVS

Add an option to the pipestream and related APIs to drop the
right to obtain further privileges before exec()ing the binary
(off by default). This may be used as an additional measure to
guard invocations of untrusted binaries or trusted ones that
operate on untrusted inputs.

Target audience: arnied scheduler, everywhere file(1) or
imagemagick tools are called.

Defects: it will be tricky to properly unit test this.

[0] https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt