This introduces a new, per-process flag, "NO_NEW_PRIVS", which
is inherited, preserved on exec, and cannot be cleared. The flag,
when set, makes subsequent execs ignore any SUID and SGID bits,
instead executing those binaries as if they were not set.
The main purpose of the flag is the implementation of Linux
PROC_NO_NEW_PRIVS prctl(2), and possibly also unprivileged chroot.
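
The "inherited" and "cannot be cleared" properties can be checked against the Linux prctl(2) interface that the commit message refers to. This is an added example, not part of the commit: it assumes a Linux host and uses the PR_SET_NO_NEW_PRIVS and PR_GET_NO_NEW_PRIVS operations, and the helper names are hypothetical.

```c
/* Added example (Linux only): observe no_new_privs semantics via prctl(2). */
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if the flag is set for the caller, 0 if not, -1 on error. */
int nnp_get(void) { return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0); }

/* Set the flag; 0 on success. No privilege is required to set it. */
int nnp_set(void) { return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); }

/* Try to clear the flag. Returns 1 when the kernel refuses with EINVAL
 * and the flag is still set afterwards, 0 otherwise. */
int nnp_clear_refused(void) {
    errno = 0;
    int r = prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0);
    return r == -1 && errno == EINVAL && nnp_get() == 1;
}

/* Fork a child that reports its own flag through its exit status.
 * Returns 1 if the child saw the flag set, 0 if not, -1 on error. */
int nnp_child_inherits(void) {
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(nnp_get() == 1 ? 0 : 1);
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void) {
    printf("before set:        %d\n", nnp_get());
    if (nnp_set() != 0) {
        perror("prctl(PR_SET_NO_NEW_PRIVS)");
        return 1;
    }
    printf("after set:         %d\n", nnp_get());
    printf("clear refused:     %d\n", nnp_clear_refused());
    printf("child inherits:    %d\n", nnp_child_inherits());
    return 0;
}
```

The example does not exercise the exec path or a set-user-ID binary; it only covers setting, inheritance across fork, and the refusal to clear.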