bhyveload: hold /boot and do relative lookups for the loader

The next change will push bhyveload into capability mode right after we
allocate vcpu state, before we've setup or entered the loader, to limit
the surface area that a rogue loader script can touch.

With an explicit -l loader, we don't need to preopen /boot because
changing interpreters isn't allowed. We'll just dlopen() entirely in
advance in that case to eliminate some complexity.

Reviewed by: allanjude (earlier version), markj

(cherry picked from commit bf7c4fcbbb05ff99afde0744d013feeb35d77191)
(cherry picked from commit 67082f077f39d9c7b7bd561c14622e6f3ef23681)