This saves one issetugid for every exec. Note there is another call coming from something deeper which probably cannot be easily taken care of in the same manner.
Verified with debug printfs that trust is NOT set when running 'su' et al and is set otherwise.
Unit Tests Skipped
If you allocate one more flag in bsdflags. used to indicate support for BSDF_ISSETUGID, you do not need to rely on osreldate() which is better IMO. Check the new flag, and if set, ELF_BSDF_ISSETUGID presence is equal to trust. Also right now you rely on bsdflags presence, adding that flag would make zero initialization of bsdflags do the right thing.
Another option is to allocate new auxv entry with the value indicating issetugid, but flags are fine since they are already there.